Testing CORS
You can test your API's CORS configuration by invoking your API, and checking the CORS
headers in the response. The following curl
command sends an OPTIONS
request to a deployed API.
curl -v -X
OPTIONS
https://{restapi_id}
.execute-api.{region}
.amazonaws.com/{stage_name}
< HTTP/1.1 200 OK < Date: Tue, 19 May 2020 00:55:22 GMT < Content-Type: application/json < Content-Length: 0 < Connection: keep-alive < x-amzn-RequestId: a1b2c3d4-5678-90ab-cdef-abc123 < Access-Control-Allow-Origin: * < Access-Control-Allow-Headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token < x-amz-apigw-id: Abcd= < Access-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
The Access-Control-Allow-Origin
,
Access-Control-Allow-Headers
, and
Access-Control-Allow-Methods
headers in the response show that the API
supports CORS. For more information, see Enabling CORS for a REST API resource.