aws-appsync-community icon indicating copy to clipboard operation
aws-appsync-community copied to clipboard
verified publisher icon aws

Enable CORS on the AppSync Admin APIs

Open buggy opened this issue 6 years ago • 4 comments

I'm trying to list the AppSync API's using the V3 JavaScript SDK from a web browser. The call fails with "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appsync.us-west-2.amazonaws.com/v1/apis. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."

If I inspect the network calls I see a successful OPTIONS request to https://appsync.us-west-2.amazonaws.com/v1/apis that contains the headers:

access-control-allow-origin: *
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent

The browser then proceeds to perform a GET but the response to the GET request is missing those headers which causes the browser to throw a CORS error. Could those headers be added to all responses?

buggy avatar Apr 24 '20 15:04 buggy

Using awscurl I do see these headers coming back. Are you still seeing this? Do you have a minimal reproduction case I can test with?

jpignata avatar Nov 24 '21 14:11 jpignata

@buggy is this still an issue? How did you overcome it?

guenhter avatar Jul 04 '22 13:07 guenhter

AppSync only supports POST method for its endpoints. Try it with the same

rosmu avatar Aug 25 '22 05:08 rosmu