Hi @tim.martin! I’ve just run through Holly’s tutorial and combined it with mine and I’ve hopefully got an answer for you.
I believe that the reason that the app doesn’t automatically work has to do with CORS preflight requests. Axios sends an OPTIONS request to the API endpoint prior to the actual GET request to check that CORS is understood and the GET request will be allowed. There were a few changes I had to make to my HTTP API configuration to make preflight requests respond successfully and thus allow the API to be called from JavaScript applications:
- In the
switchstatement inside the Lambda handler function, I added a case forOPTIONSrequests that returns a200response with an empty body. - In addition to the
GETandPOSTroutes towish-list-servicein the HTTP API configuration, I added anOPTIONSroute that connects to the Lambda integration, but isn’t connected to the JWT Authorizer:
- I set the following configuration options in the CORS settings for the API:
-
*toAccess-Control-Allow-Origin -
authorizationtoAccess-Control-Allow-Headers -
GETandPOSTtoAccess-Control-Allow-Methods
This tells the API to allow GET and POST requests from any origin and to allow those requests to include the authorization header.
One more note: I did also recreate the Express API from Holly’s post as an HTTP API, and setting up the Authorizer was a little more complex, as there were nested routes involved. I had to set up the JWT Authorizer on GET requests and allow OPTIONS requests to bypass the JWT Authorizer - here’s a screenshot of the Authorizers configuration in the API.
I hope that all makes sense and helps you get everything working!