running into CORS or Access-Control-Allow-Origin issues

[timotheecour]

@zaccharles

on OSX, if I open frontend/client.html directly I get: Origin null is not allowed by Access-Control-Allow-Origin. so i tried:

python3 -m http.server 7025

then navigate to http://localhost:7024/client.html and put https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/ in the Step 1 - Enter API URL input box, where i guess the url from the output of serverless deploy :

endpoints:
  GET - https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/signed-url
  GET - https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/signed-post

but then after selecting a file and clicking upload it fails:

• on safari: Fetch API cannot load https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/signed-url due to access control checks. https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/signed-url

Failed to load resource: Origin http://localhost:7025 is not allowed by Access-Control-Allow-Origin. client.html:62

• on chrome: Access to fetch at 'https://flimxcxxxx.execute-api.us-east-1.amazonaws.com/dev/signed-url' from origin 'http://localhost:7024' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

note

• D20200803T220824
• this looks relevant: https://www.serverless.com/blog/cors-api-gateway-survival-guide is this related to 'Access-Control-Allow-Credentials': true, ?

[zaccharles]

Hi @timotheecour,

I mentioned CORS a couple of times in the blog post. You definitely need to configure it otherwise I'd definitely expect you will get a CORS error like that.