I am getting the following error when trying to do a POST against my Serverless API that uses AWS API Gateway:
Access to fetch at 'https://example.com/shop' from origin 'https://otherexample.com' has been blocked by CORS policy: Request header field shop is not allowed by Access-Control-Allow-Headers in preflight response.
I tried using the header option to cors() with middy, but this does not work:
const handler = middy(async (event, context) => {
// ...
})
handler.use(cors({
headers: 'Content-Type, shop'
}));
module.exports.handler = handler;
However, this works:
findShop:
handler: src/routes/findShop.handler
events:
- http:
path: /shop
method: post
cors:
origin: '*'
headers:
- Content-Type
- shop
Why does the latter work and not the former? The @middy/http-cors docs say the following, so it seems like specifying headers in cors() should work:
headers (string) (optional): value to put in Access-Control-Allow-Headers (default: false)