You are a lead developer for an application that uses WebSockets through API Gateway to push payloads between the clients and server.
Your API has a proxy integration with Lambda.
When the client connects for the first time, it receives a preflight error message.
Which steps will you take to resolve this issue?
Click on the arrows to vote for the correct answer
A. B. C. D. E.Answer: E.
Option A is incorrect because using the Management Console to enable CORS will by itself not resolve the issue.
Option B is incorrect because when using a proxy integration with Lambda, it is necessary to add “Access-Control-Allow-Headers” and “Access-Control-Allow-Origin” headers to the response in the Lambda function as a proxy integration will not return an integration response.
Option C is partially correct as it on its own it will not resolve the issue as laid in the AWS documentation.
Option D is partially correct as it on its own it will not resolve the issue as laid in the AWS documentation.
Option E is CORRECT.
When using a proxy integration with Lambda, it is necessary to add “Access-Control-Allow-Headers” and “Access-Control-Allow-Origin” headers the response in the Lambda function as a proxy integration will not return an integration response.
All three steps need to be used when enabling CORS for an API with a Lambda proxy integration.
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.htmlWebSockets provide a persistent connection between a client and a server, allowing real-time data exchange. AWS API Gateway offers WebSockets support and proxy integration with AWS Lambda.
When a client connects to a WebSocket API through API Gateway for the first time, it sends an HTTP request to initiate a WebSocket handshake. This request is an HTTP upgrade request, which the WebSocket API Gateway endpoint receives as an HTTP request.
As the WebSocket request is an HTTP request, the browser will send a preflight request. This preflight request is sent to verify if the server supports WebSocket connections and what security measures are in place.
The preflight request includes an OPTIONS method call that expects an HTTP response with specific headers to indicate if CORS is enabled or not.
To resolve the preflight error message, we need to take the following steps:
Option A: Enable CORS using the API Gateway console CORS (Cross-Origin Resource Sharing) is a mechanism that enables sharing resources between different origins (domains). Enabling CORS in the API Gateway console is the first step to allow access to the WebSocket API endpoint from a different domain.
Option B: Set up the OPTIONS method and required OPTIONS response headers in API Gateway To handle the preflight request, API Gateway must have an OPTIONS method configured with the appropriate response headers. These headers include "Access-Control-Allow-Origin," "Access-Control-Allow-Headers," "Access-Control-Allow-Methods," and "Access-Control-Allow-Credentials."
Option C: Make changes to the backend to return "Access-Control-Allow-Headers" and "Access-Control-Allow-Origin" headers If you're using Lambda with API Gateway, the Lambda function must return the required headers to complete the preflight request successfully.
Therefore, to resolve the preflight error message, we need to implement options B and C.
Option D and E are incorrect because Option A alone is not sufficient to resolve the preflight error, and Option B and C must be implemented together to resolve the preflight error.