I have issues with CORS, most likely due to the frontend (Amplify) being https and the backend (Elastic Beanstalk) being http. I tried to fix this with API Gateway, unsuccessfully.

Frontend: React app hosted on AWS Amplify
Backend: Django REST framework on Elastic Beanstalk
Authentication: AWS Cognito
API Gateway as proxy between frontend and backend

Issue: Getting CORS error when frontend tries to access backend through API Gateway. With Chrome CORS disabled, the request reaches backend but fails with Django auth error.

Frontend (React/TypeScript):

const fetchVideos = async () => {
    const session = await fetchAuthSession();
    const token = session.tokens?.idToken?.toString();
    // Token looks valid: eyJraWQiOiJxTHpReFZa...
    const fullUrl = `${BASE_URL}/api/premium-content`;
    const response = await fetch(fullUrl, {
        method: 'GET',
        credentials: 'include',
        headers: {
            'Authorization': `Bearer ${token}`,
            'Content-Type': 'application/json',
        }
    });
}

Django Settings (base.py):

CORS_ALLOWED_ORIGINS = [
    ";,
    "http://localhost:5173",
    "http://localhost:3000"
]
CORS_ALLOW_CREDENTIALS = True

API Gateway Configuration

ANY method: HTTP Proxy integration to EB endpoint
OPTIONS method: Mock integration with headers:

Access-Control-Allow-Origin: ''
Access-Control-Allow-Methods: 'GET,OPTIONS'
Access-Control-Allow-Headers: 'Content-Type,Authorization'
Access-Control-Allow-Credentials: 'true'

Gateway responses: 4XX and 5XX enabled for CORS

Seeing the error message in the console log:

Access to fetch at 'https://[api-gateway-url]/prod/api/premium-content' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

What I've Tried

  1. Configured CORS in Django using django-cors-headers
  2. Set up API Gateway CORS for both the resource and gateway responses
  3. Tried both Mock and HTTP Proxy integration for OPTIONS method
  4. Verified Cognito token is being generated and sent correctly
  5. Added explicit CORS headers in Django view's dispatch method
  6. Attempted to bypass Django's default authentication in favor of custom Cognito auth
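
Added example (not part of the original question): a JavaScript check that applies the browser's preflight rules for a credentialed request (`credentials: 'include'`) to a captured OPTIONS response, including the "does not have HTTP ok status" failure quoted above. The origin `https://app.example.com` and all response values are constructed placeholders, and `checkPreflight` is a hypothetical helper name.

```javascript
// Added example: evaluates a preflight (OPTIONS) response the way a browser
// does for a credentialed fetch. All sample values below are constructed.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
function checkPreflight(req, res) {
  const problems = [];
  // Header names are case-insensitive; normalise them once.
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v).trim();
  const list = (name) =>
    (h[name] || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

  // 1. The preflight response itself must have a 2xx ("ok") status.
  if (res.status < 200 || res.status > 299) {
    problems.push(`status ${res.status} is not 2xx`);
  }
  // 2. With credentials, Allow-Origin must be the exact origin ('*' is rejected)
  //    and Allow-Credentials must be the literal string "true".
  const allowOrigin = h['access-control-allow-origin'] || '';
  if (allowOrigin !== req.origin) {
    problems.push(`allow-origin "${allowOrigin}" does not match "${req.origin}"`);
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('allow-credentials is not "true"');
  }
  // 3. Non-safelisted methods and headers must be listed by name; with
  //    credentials a '*' entry is taken literally, not as a wildcard.
  if (!SAFELISTED_METHODS.includes(req.method.toUpperCase()) &&
      !list('access-control-allow-methods').includes(req.method.toLowerCase())) {
    problems.push(`method ${req.method} is not allowed`);
  }
  const allowed = list('access-control-allow-headers');
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    if (!allowed.includes(name)) problems.push(`header ${name} is not allowed`);
  }
  return problems;
}

// Constructed request mirroring the fetch call in the question (placeholder origin).
const request = { origin: 'https://app.example.com', method: 'GET', headers: ['Authorization', 'Content-Type'] };
// Constructed response: correct CORS headers, but a non-2xx preflight status.
const failing = { status: 403, headers: {
  'Access-Control-Allow-Origin': 'https://app.example.com',
  'Access-Control-Allow-Methods': 'GET,OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type,Authorization',
  'Access-Control-Allow-Credentials': 'true',
} };
console.log(checkPreflight(request, failing));
```

To use it on a real deployment, capture the OPTIONS response from the browser's network tab and pass its status and headers in place of the constructed `failing` object.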