Enable CORS for APIs accessed via API Gateway route

[vishalbollu]

Version

v0.18.1

Description

CORS is not supported for APIs exposed via API Gateway route because it is disabled by API Gateway by default. Here are the steps that need to be taken to enable API Gateway manually using the AWS console.

Additional Context

1. CORS seems to be a per API Gateway setting (as opposed to a per route setting) is this different for HTTP API Gateway type?
2. Enable CORS "*" by default for Cortex Cluster's API Gateway?
3. How would users configure it? In the cluster configuration? What would the schema be?
4. How would users update their API Gateway CORS for a running cluster?

[deliahu]

@mrafieej we have not been able to reproduce this issue on the master branch; once we release v0.19 (which we expect to late this week), do you mind trying your application with v0.19 to check if this has been resolved?

[mrafieej]

Thanks @deliahu we resolved the issue with @vishalbollu 's help. He created a guide on how to add the required header for the LB in AWS console.

[deliahu]

@mrafieej I'm glad to hear that you were able to get it working! Ideally it would not be necessary for you to manually update the API Gateway CORS configuration, and instead it should work out-of-the-box. It seems to work out-of-the-box for me now on the master branch, which we can confirm with your application once we release 0.19

[deliahu]

@mrafieej have you tried running cortex v0.19, and if so, does CORS work without you having to manually update the API Gateway CORS configuration?

[mrafieej]

@deliahu yes, I migrated to 0.19 and it worked fine. Thanks for following up.

[deliahu]

@mrafieej sounds good, thanks for the update!

[wise-east]

is this still done automatically with cortex v0.23? I just deployed my API again with v0.23 and I'm getting:

Access to XMLHttpRequest at 'https://hreakcof35.execute-api.us-east-1.amazonaws.com/ya-bot' from origin 'https://spolin.isi.edu' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

This used to not be a problem when I was using v0.21. I followed the steps in the guide above, but the issue isn't resolved.

Do I have to follow the instructions here to enable CORS? https://docs.cortex.dev/running-cortex-on-aws/rest-api-gateway#if-your-api-load-balancer-is-internet-facing

[wise-east]

FYI, I downgraded to cortex v0.21 and the CORS issue isn't there anymore.

[deliahu]

@wise-east I was able to reproduce the CORS error just now on v0.23. We made a few changes to the networking stack in v0.22, so I suspect that is the culprit. We'll look into it and keep you posted, thanks for letting us know!

[deliahu]

@wise-east I was able to find a temporary workaround if you are interested in using v0.23 in the meantime as we work on re-enabling CORS. If you follow the guide that you linked to for setting up REST API Gateway, it will work as long as you make one modification: between step 5 and step 6, click on "Actions" > "Enable CORS", then update "Access-Control-Allow-Headers" to '*', and click "Enable CORS and replace existing CORS headers"

[RobertLucian]

@wise-east can you tell us if you get a log about the denied request in your API's logs (using cortex logs <api-name>)? Or does it go unnoticed?

[deliahu]

@wise-east we just merged #1649, which should fix the CORS configuration.

I'd be happy to build a version of the API image for v0.23 for you if you'd like to switch back to v0.23, just let me know! Otherwise, we plan on releasing v0.24 next week, which will include this fix.