My situation:
I have an HTTP API working with AWS Lambda proxy Integrations in API Gateway, with GET and POST methods. I want to enable CORST for it.
Doubt, do I have to add the OPTIONS method to Access-Control-Allow-Methods? In the HTTP APIs documentation, I remark HTTP APIs not REST APIs: It is specified: That if you configure CORS API Gateway it will automatically return the a response to preliminary OPTIONS requests even if you don't have OPTIONS routes.
Does that mean, I have to add the OPTIONS method to Access-Control-Allow-Methos for it to work correctly or not?
What I tried:
If I do not enable CORS:
In the frontend. when making a GET request I receive an CORS error during the preliminary OPTIONS request.
If I enable CORS without adding OPTIONS to Acces-Control-Allow-Methods:
* On the fronted. When making a GET request, it works correctly. In the header of the OPTIONS response I receive Access-Control-Allow-Methods: GET,POST
* Performing curl from ubuntu. When I make the OPTIONS request I don't get back the ccess-Control-Allow-Method header. Code 204
If I enable CORS by adding OPTIONS to Access-Control-Allow-Methods:
It works the same way as above but on frontend obviously I also get OPTIONS apart from GET and POST.
What I expect to happen:
That the forntend works correctly when performing the GET, that is to say that OPTIONS returns the desired headers.
That the curl also returns them to me. I do not understand why it does not return them.