Access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response

Question

I have prepared an Lambda function using Express(node.js) and enabled the Authorization with IAM as well.

The API is working in the Postman as per below link : https://ww

Answer 1

Answer :

First of all the problem was not in header content. It was in the Authorization String which I was generating for AWS API Gateway authorization.

As pointed by @sideshowbarker. We don't need to add any headers in the ajax call.

The response header are enough to handle the API call.

app.use(cors())

app.use((req, res, next) => {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method,X-Access-Token,XKey,Authorization');
    next();
});

Also I switched to Firefox for debugging the API call, where I found following errors.

Because I switched to Firefox, I could see the response from AWS from which I could further debug and fix the issue.

Issue in the CanonicalRequest function :

Before

'content-type;host;x-amz-date;'

After

'content-type;host;x-amz-date'

Thanks everyone for your inputs and help.

I have updated the git repo. Please refer the same. https://github.com/mudass1r/aws-iam-authorization