I have a .NET Core 6.0 AWS Lambda endpoint. I can see via the CloudWatch logs that it’s returning “Access-Control-Allow-Origin” in the response when I serialize the response before it gets returned to the client; e.g.:
{
  "statusCode": 200,
  "headers": {
    "content-Type": "application/json",
    "cache-Control": "no-cache, no-store, must-revalidate",
    "pragma": "no-cache",
    "expires": "0",
    "access-Control-Allow-Origin": "*",
    "access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
    "access-Control-Allow-Headers": "Content-Type, Authorization"
  },
  "multiValueHeaders": null,
  "body": "{"version":"1.0.0"}",
  "isBase64Encoded": false
}
But when I invoke the API endpoint from CURL or Postman, the “Access-Control-…” headers are not reflected in the response. All the other headers are being included per design.
For testing purposes, I’ve gone as far as to set the CORS for the API Gateway CorsConfiguration to be the following:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Expose-Headers: *
(I’ll lock these down further, but I’m just trying to get it working at all.)
What could possibly be stripping out the “Access-Control-…” headers from the response on its way to the client?