If you configure CORS (Cross-Origin Resource Sharing) for an API, API Gateway automatically sends a response to preflight OPTIONS requests, even if there isn’t an OPTIONS route configured for your API.
At this time, you might want to disable your OPTIONS request authorizer, otherwise the preflight call might get unauthorized. You can disable it when define your authorizers in the SAM (Serverless Application Model) template by adding AddDefaultAuthorizerToCorsPreflight: False. For example:
Auth:
DefaultAuthorizer: MyLambdaTokenAuthorizer
Authorizers:
MyLambdaTokenAuthorizer:
FunctionArn: !GetAtt ValidateTokenFunction.Arn
AddDefaultAuthorizerToCorsPreflight: False
Refereces:
Configuring CORS for an HTTP API
原创文章,作者:306829225,如若转载,请注明出处:https://blog.ytso.com/tech/pnotes/268328.html