Serverless-application-model: BinaryMediaTypes and CORS do not work together

Created on 25 Dec 2019 · 4 Comments · Source: aws/serverless-application-model

We cannot get CORS to work with BinaryMediaTypes

Error message:

OPTIONS https://URL 500

Access to XMLHttpRequest at 'https://URL' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is our SAM template:

Resources:
  ApiName:
    Type: AWS::Serverless::Api
    Properties:
      StageName: development
      BinaryMediaTypes:
        - '*~1*'
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        AddDefaultAuthorizerToCorsPreflight: false
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: 'USER_POOL'

As soon as we remove the "BinaryMediaTypes" option, the request works.

SAM CLI, version 0.37.0

All 4 comments

Did you ever figure out the problem here? I'm having the same issue.

I have the same issue, please somebody help us!!!

@espenjanson @averydev I could solve it.

Just put the mime types you need in the BinaryMediaTypes property.
i.e:

BinaryMediaTypes:
        - 'text~1html'
        - 'application~1xhtml+xml'
        - 'application~1xml;q=0.9'
        - 'image~1*'

The reason:
If you set the property to * / *, then ApiGateway tries to convert all responses to Binary, even json responses, and throws an error.
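
A pre-deploy check for the conflict described in the comment above, as an added example that is not part of the original thread or of SAM itself. It assumes the template is already loaded as a dict, that `~1` stands for `/` in `BinaryMediaTypes`, and, following the comment, that `application/json` is the text type that must stay out of the binary list; the function names and both sample templates are constructed here.

```python
import fnmatch


def decode_media_type(sam_value):
    """Turn a SAM BinaryMediaTypes entry into a plain media-type pattern:
    '~1' becomes '/', and parameters such as ';q=0.9' are dropped."""
    return sam_value.replace("~1", "/").split(";", 1)[0].strip().lower()


def binary_cors_conflicts(template, text_types=("application/json",)):
    """Return (logical_id, entry, text_type) for each AWS::Serverless::Api that
    sets Cors and has a BinaryMediaTypes entry covering a text type.
    text_types is an assumption taken from the comment ("even json responses").
    Only resource-level properties are inspected, not the Globals section."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Serverless::Api":
            continue
        props = resource.get("Properties", {})
        if not props.get("Cors"):
            continue  # no SAM-generated preflight to break
        for entry in props.get("BinaryMediaTypes", []):
            pattern = decode_media_type(entry)
            for text_type in text_types:
                if fnmatch.fnmatchcase(text_type, pattern):
                    findings.append((logical_id, entry, text_type))
    return findings


def api_template(binary_media_types):
    """Constructed sample template, reduced to the properties shown in the issue."""
    return {"Resources": {"ApiName": {"Type": "AWS::Serverless::Api", "Properties": {
        "StageName": "development",
        "BinaryMediaTypes": binary_media_types,
        "Cors": {"AllowMethods": "'*'", "AllowHeaders": "'*'", "AllowOrigin": "'*'"},
    }}}}


# The wildcard from the issue, and the explicit list from the fix.
ISSUE_TEMPLATE = api_template(["*~1*"])
FIXED_TEMPLATE = api_template(
    ["text~1html", "application~1xhtml+xml", "application~1xml;q=0.9", "image~1*"])

if __name__ == "__main__":
    for name, tpl in (("issue", ISSUE_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(name, binary_cors_conflicts(tpl))
```
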

SAM should support content handling for CORS OPTIONS requests.
For example in AWS::Serverless::Api
Please add an option under the Cors: section to be able to convert to text so this binary problem is fixed.
contentHandling: CONVERT_TO_TEXT

  Cors:
    AllowMethods: "'OPTIONS,HEAD,GET,POST,PUT,DELETE'"
    AllowHeaders: "'Access-Control-Request-Headers,Access-Control-Request-Method,Access-Control-Allow-Origin,x-api-key,Accept,Content-Type'"
    AllowOrigin: "'*'"
    contentHandling: CONVERT_TO_TEXT