This is weird, hope someone with experience can let me know why.
So I'm using AWS API Gateway to create a lambda proxy. I added CORS preflight to the root of the API.
However, when I try to call such API from my frontend (Using Amplify SDK's API ), I noticed that the OPTIONS request got send after the GET request. This got me puzzled, shouldn't it be the other way around? where OPTIONS request bring back the allowed origin and then the GET request will carry that in the header?
As shown in below image, the second request is the OPTIONS request, while the first request is the GET request (To be 'authenticated' by OPTIONS request)
BUT this is not the end of the story??!
If I change the origin to *, the order reverted back to what I think would be the correct order. CDK Setting
So I'm really really really puzzled, hope someone can help me out of this mud.
Thanks in advance!
I expect CORS preflight request to be sent before actual request.