I'm trying to pass throught cors policy using nodejs + express in an heroku api, but getting this error:
Access to XMLHttpRequest at 'https://....' from origin 'https://...' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
My methods in the frontend are:
const fetchUser = async () => {
const res = await axios.get(
process.env.REACT_APP_API_URL + `/api/user/${userId}`,
{
headers: {
Authorization: `Bearer + ${token}`,
},
},
)
console.log(res.data)
setStatsInit({ waiting: false, stats: res.data })
}
in server:
const corsOptions = {
origin: true,
methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'OPTIONS', 'DELETE'],
headers: [
'Content-Type',
'Authorization',
'application/json',
'text/plain',
'*/*',
],
credentials: true,
maxAge: 3600,
}
app.use(cors(corsOptions))
app.get('/api/user/:uid', middleware.decodeTokenContext, async (req, res) => {
const user = {
uid: req.params.uid,
}
const userStats = await FirestoreClient.getByPath(`users/${user.uid}`)
return res.json({ userStats })
})
The middleware, to check if it is authenticated:
async decodeTokenContext(req, res, next) {
let token = req.headers.authorization.split(' ')[1]
try {
const decodeValue = await admin.auth().verifyIdToken(token)
if (decodeValue) {
return next()
}
return res.json({ message: 'Não autorizado' })
} catch (e) {
return res.json({ message: 'Erro Interno' })
}
}
on the network, on browser, i got this error:
How to solve that error of cors?
This is part of my code in lambda to insert some values into an oracle database (from Amplify cli)
exports.handler = async (event, context, callback) => {
console.log(`EVENT: ${JSON.stringify(event)}`);
let conn;
try {
conn = await oracledb.getConnection(connAttr);
let result = await conn.execute(
"INSERT INTO employee VALUES (:name, :id, TO_TIMESTAMP(:date1, 'DD-MM-YYYY HH24:MI:SS'), TO_TIMESTAMP(:date2, 'DD-MM-YYYY HH24:MI:SS'))",
[req.body.name, req.body.discount, req.body.date1, req.body.date2],
{
name : req.body.name,
id : req.body.id,
date1 : req.body.date1,
date2 : req.body.date2
}
);
);
const response = {
statusCode: 200,
body: JSON.stringify(result),
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Methods": "*",
"Access-Control-Allow-Credentials" : "true",
"content-type": "application/json"
}
};
callback(null, response);
console.log('Query executed');
}
catch (err) {
const response = {
statusCode: 400,
body: JSON.stringify({message: err}),
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Methods": "*",
"Access-Control-Allow-Credentials" : "true",
"content-type": "application/json"
}
};
}
}
When I call the api connected, I get no response so I decided to use the aws console for some quick debugging and the code editor is giving me the warning: req is not defined; please fix or add /*globalreq*/
How can I fix this?
Seem like you were trying to extract the request body when this Lambda function was called, but you have not assigned that body to your "req" variable.
You should explicitly extract it from the event argument, you can refer that body (payload) from the document below
https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html
I am using react native camera to take picture and make post request to send it to server to be storted there and perform some actions:
here is the code in frontend for send the fetch request:
const takePicture = async () => {
if (camera) {
const data = await camera.current.takePictureAsync({ quality: 0.25, base64: true });
setTakingPic(true)
fetch('http://*************/users/upload', {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
image: data.base64,
id: Id
}),
}).then((response) => console.log(response))
.then((res) => {
if (res.success === true) {
alert(res.message);
navigation.navigate('studentD')
}
else {
alert(res.message);
}
})
.catch(err => { console.log(err); });
}
};
and in backend:
router.post('/upload', function (req, res) {
var image = req.body.image
var id = req.body.id
var status = "on hold"
var userid = localStorage.getItem('userId');
console.log(image)
fs.writeFile('../images/' + id + '.png', image, 'base64', (err) => {
if (err) { throw err }
else {
connection.query("INSERT INTO face_status (status,imageinfo,user_id) VALUES (?,?) ", [status, image, userid], function (err, row) {
if (err) {
console.log(err);
} else {
res.send({ 'success': true, 'message': 'ok' });
}
});
}
})
})
when camera capture the picture and send the request the server is log the request as POST /users/upload 413 2068.099 ms - 1220
which something related to the upload limit size, I tried to set the following:
router.use(bodyParser.json({ limit: '50mb' }));
router.use(bodyParser.urlencoded({ limit: '50mb', extended: true }));
but still same error, I also console.log(response) the response in frontend and this what I got:
{"_bodyBlob": {"_data": {"__collector": [Object], "blobId": "2313bc80-fd1d-4059-91f8-e16ffdaaa4eb", "offset": 0, "size": 1220}}, "_bodyInit": {"_data": {"__collector": [Object], "blobId": "2313bc80-fd1d-4059-91f8-e16ffdaaa4eb", "offset": 0, "size": 1220}}, "bodyUsed": false, "headers":
{"map": {"connection": "keep-alive", "content-length": "1220", "content-type": "text/html; charset=utf-8", "date": "Mon, 08 Feb 2021 11:21:31 GMT", "etag": "W/\"4c4-N4ip9wLgHN8MkaoeSMzYtH17uPI\"", "keep-alive": "timeout=5", "x-powered-by": "Express"}}, "ok": false, "status": 413, "statusText": undefined, "type": "default", "url": "http://*************/users/upload"}
var mysql = require('mysql');
var config = require('./config.json');
var jwt = require('jsonwebtoken');
var configuration = require('./jwtconfig.js');
const isBase64 = require('is-base64');
const base64mime = require('base64mime');
const AWS = require('aws-sdk');
AWS.config.update({ region: 'us-east-2' });
const s3 = new AWS.S3({ apiVersion: '2006-03-01' });
const bucket = "bucketname";
let path = "bucketpath/";
var pool = mysql.createPool({
host: config.dbhost,
user: config.dbuser,
password: config.dbpassword,
database: config.dbname
});
module.exports.handler = (event, context, callback) => {
const { eventname, event_type, event_platform, event_date, co_host, stream_url, description, event_time, user_id, zoom_id,c_id } = JSON.parse(event.body);
const image = JSON.parse(event.body).imageBase64;
//let token = event.headers['x-access-token'] || event.headers['authorization'];
context.callbackWaitsForEmptyEventLoop = false;
// if (token) {
// jwt.verify(token, configuration.secret, (err, decoded) => {
// if (err) {
// callback({
// statusCode: 201,
// headers: {
// "Access-Control-Allow-Origin": "*",
// "Access-Control-Allow-Headers": "Content-Type,x-access-token",
// // "Access-Control-Request-Headers":"x-access-token",
// "Access-Control-Allow-Methods": "OPTIONS,POST"
// },
// body: JSON.stringify(err)
// }, null);
// } else {
// event.decoded = decoded;
if (eventname && event_type && event_date) {
let key = path + "img" + "_" + new Date().getTime();
const options = {
Bucket: bucket,
Key: key,
StorageClass: 'STANDARD_IA',
ACL: 'public-read',
ContentType: base64mime(image),
ContentEncoding: 'base64',
Body: Buffer.from(image.replace(/^data:image\/\w+;base64,/, ""), 'base64')
};
s3.upload(options, (err, data) => {
if (err) {
callback({
"statusCode": 400,
"headers": {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "Content-Type,x-access-token,Origin,XMLHttpRequest",
"Access-Control-Request-Headers":"x-access-token",
"Access-Control-Allow-Methods": "OPTIONS,POST",
"Access-Control-Allow-Credentials" : "true"
},
"body": JSON.stringify(err)
}, null);
} else {
var bhu = data["Location"];
callback(null, { statusCode: 200, headers: { "Access-Control-Allow-Origin": "*" , "Access-Control-Allow-Headers": "Origin, X-Requested-With,x-access-token, Content-Type, Accept, Authorization, token, XMLHttpRequest"},body:JSON.stringify(bhu)});
pool.getConnection(function (err, connection) {
if (err) {
return callback(err, null);
}
var quer = `Insert INTO event (eventname,event_type,event_platform,event_date,co_host,stream_url,description,event_time,user_id,zoom_id,image,c_id) values ('${eventname}', '${event_type}', '${event_platform}', '${event_date}','${[co_host]}', '${stream_url}', '${description}','${event_time}','${event.pathParameters.user_id}','${zoom_id}','${bhu}','${c_id}')`;
connection.query(quer, [parseInt(event.pathParameters.user_id)], function (error, results, field) {
if (error) {
callback({
statusCode: 400,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,HEAD,PUT,POST,OPTIONS,UPDATE,DELETE",
"Access-Control-Allow-Headers": "Origin, X-Requested-With,x-access-token, Content-Type, Accept, Authorization, token, XMLHttpRequest",
"Access-Control-Allow-Credentials" : "true"
},
body: JSON.stringify(error)
}, null);
} else {
var insertId = results.insertId;
var getquer = `SELECT * FROM event WHERE id = ${insertId}`;
connection.query(getquer, function (error, result) {
if (error) {
callback({
statusCode: 400,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,HEAD,PUT,POST,OPTIONS,UPDATE,DELETE",
"Access-Control-Allow-Headers": "Origin, X-Requested-With,x-access-token, Content-Type, Accept, Authorization, token, XMLHttpRequest",
"Access-Control-Allow-Credentials" : "true"
},
body: JSON.stringify(error)
}, null);
} else {
var customRes = [];
customRes = {
"statusCode": 200,
"message": "event created successfully",
"data": result,
//"token data":decoded
};
callback(null, {
statusCode: 200,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,HEAD,PUT,POST,OPTIONS,UPDATE,DELETE",
"Access-Control-Allow-Headers": "Origin, X-Requested-With,x-access-token ,Content-Type, Accept, Authorization, token, XMLHttpRequest",
"Access-Control-Allow-Credentials" : "true"
},
body: JSON.stringify(customRes)
});
}
});
}
});
});
}
});
}
// });
// } else {
// var customRes = {};
// customRes = {
// "statusCode": 201,
// "message": "token is not provided",
// };
// callback(null, {
// statusCode: 201,
// headers: {
// "Access-Control-Allow-Origin": "*",
// "Access-Control-Allow-Headers": "Content-Type,x-access-token",
// "Access-Control-Allow-Methods": "OPTIONS,POST"
// },
// body: JSON.stringify(customRes)
// });
//}
};
I am getting 'Access-Control-Allow-Origin' header is present on the requested resource error when accessing this code API in front end . i am using aws lambda function to upload image to s3 bucket . i have also included . access-control-allow -origin header in my code . i have enable proxy integration in API gateway . but I am getting this error
I found that you've already open CORS in your NodeJS code but it's just for lambda part only. But all of request will be passed through API Gateway thus you may need to open CORS in AWS API Gateway.
Go to your API Gateway Path > then click Actions dropdown > Click Enable CORS as per attach for reference.
I am creating node.js function through aws lambda which makes a GET request to Hybris Market Place and gets a CSRF Token. Then I am using that token to make another POST request to post some data to Hybris Market place but I am getting an error of 403 Forbidden. Same thing works in Postman which I believe due to POSTMAN keeps GET session alive and hence CSRF token is still valid. How May I achieve that in AWS Lambda function. Below is my code. I am using promise to make two requests.
const https = require('https');
exports.handler = async (event, context, callback) => {
const tokenOptions = {
"host": "*******.s4hana.ondemand.com",
"path": "/sap/opu/odata/sap/***********/",
"port": null,
"headers":{
"authorization": "Basic ************=",
"cache-control": "no-cache",
"x-csrf-token": "fetch"
},
"method": "GET"
};
var getToken = (tokenOptions) => {
return new Promise((resolve,reject)=>{
const req = https.request(tokenOptions, (res) => {
var xToken = res.headers["x-csrf-token"];
var sCookies = res.headers["set-cookie"];
var response = [xToken,sCookies]
res.on('data', () => {
console.log('Successfully processed HTTPS response');
resolve(response);
});
res.on('end', () => {
});
});
req.on('error', function(){
reject('Request to get token failed.');
});
req.end();
});
};
var postContent = (response) => {
return new Promise((resolve,reject)=>{
var options = {
"method": "POST",
"host": "*********-***.s4hana.ondemand.com",
"path": "/sap/opu/odata/sap/*********/*******",
"port":null,
"headers":
{ "authorization": "Basic *******==",
"x-csrf-token": response[0],
"accept": "application/json",
"content-type": "application/json",
"cache-control": "no-cache",
},
"cookie":response[1],
"body":
{
/* Data I want to POST */
},
"json": true
};
const req = https.request(options, (res,data) => {
console.log(res.statusCode);
res.on('data', () => {
resolve('Successfully submitted.');
});
res.on('end', () => {
});
});
req.on('error', function(err,res){
reject('Request to get Post failed.');
});
req.end();
});
};
getToken(tokenOptions).then((response) =>{
console.log('Result: ' +response[0]);
return postContent(response);
}).then((successMsg) =>{
callback(null,successMsg);
}).catch((errMsg)=>{
callback();
});
};