From @dailenspencer on Thu Aug 24 2017 18:39:28 GMT+0000 (UTC)
@jayair Right. Solved that one as well - forgot to mention it on here. All is working well! Thanks for the assistance. Next step is to implement this functionality(Lambda and CognitoUserPool authentication) in Unity/C# app
From @jonsaw on Fri Aug 25 2017 07:14:35 GMT+0000 (UTC)
@jayair, published my frontend code here.
I’ve also cloned the frontend from this repository but with the config set to my servers. I am getting the same 403 error.
Fetch API cannot load https://xxxxxxxxxx.execute-api.ap-southeast-1.amazonaws.com/prod/notes. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://web.mhub.local:3002' is therefore not allowed access. The response had HTTP status code 403. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
With the following body.
{"message":"'ap-southeast-1/execute-api/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=AXXXXXXXXXXXXXXXXXXX/20170825/ ap-southeast-1/execute-api/aws4_request, SignedHeaders=accept;content-type;host;x-amz-date, Signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'."}
From @jonsaw on Fri Aug 25 2017 07:34:22 GMT+0000 (UTC)
Got it to work! There was a space in one of my configs which caused the authorization header to mess up.
{"message":"'ap-southeast-1/execute-api/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=AXXXXXXXXXXXXXXXXXXX/20170825/ ap-southeast-1/execute-api/aws4_request, SignedHeaders=accept;content-type;host;x-amz-date, Signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'."}
^ " " SPACE!!
From @jayair on Fri Aug 25 2017 22:45:52 GMT+0000 (UTC)
@jonsaw Just to make sure other people find this and understand it; which config had the extra space?
From @jonsaw on Sun Aug 27 2017 10:09:34 GMT+0000 (UTC)
@jayair sure thing!
export default {
apiGateway: {
URL: 'https://xxxxxxxxxx.execute-api.ap-southeast-1.amazonaws.com/prod',
REGION: ' ap-southeast-1',
// ^ " " extra space
},
cognito: {
USER_POOL_ID : 'ap-northeast-xxxxxxxxxxx',
APP_CLIENT_ID : 'xxxxxxxxxxxxxxxxxxxxxxxxx',
REGION: 'ap-northeast-1',
IDENTITY_POOL_ID: 'ap-northeast-1:xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx',
},
MAX_ATTACHMENT_SIZE: 5000000,
};
From @jayair on Sun Aug 27 2017 21:28:42 GMT+0000 (UTC)
@jonsaw Ah makes sense. Thanks for posting it.
From @tmaxxman on Mon Oct 16 2017 03:21:10 GMT+0000 (UTC)
For future readers… I also had the “Failed to fetch” CORS issue. It seems like this can be caused by any issue with the inputs provided to sigV4Client or a misconfigured Serverless deployments. sigV4Client is a bit tricky b/c it will always sign your requests with the information you provide it, even if that is the wrong information. I was able to debug my situation by returning to the “Test the APIs” chapter, which I had skipped over in haste, and by investigating the logs for my create lambda function. I ultimately found two issues… (1) In my serverless “iamRoleStatemements” block of the serverless.yml file I forgot to change the Resource ARN to point at the correct region, in my case “us-west-2.” and (2) In my React config I specified a URL ending in “/prod/notes” rather than just “/prod.” So needless to say, this particular error is a bit annoying because it can span your frontend and backend code as it did in my case.
From @jayair on Tue Oct 17 2017 17:09:09 GMT+0000 (UTC)
@tmaxxman Thanks for sharing your debugging details. It’ll be pretty helpful.
From @tauren on Sun Nov 05 2017 01:00:00 GMT+0000 (UTC)
I was getting a 403 error on the OPTIONS request. Everything seemed configured properly, and running the apig-test
command in Test the APIs chapter was fine. Turns out I had a spurious single quote in config.js
:
apiGateway: {
URL: "https://7tsfnkxjl3.execute-api.us-west-2.amazonaws.com/prod'",
REGION: "us-west-2"
},
Note the extra '
at the end of the /prod'
in the URL. Hope this helps someone else.
From @walshe on Mon Jan 22 2018 02:50:10 GMT+0000 (UTC)
running into some issues calling apis from react app, any ideas ? when i use the test… I get following response:
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
statusText: 'Forbidden',
data: { Message: 'User: arn:aws:sts::xxxx:assumed-role/Cognito_notesidentitypoolAuth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********9445:xxxx/prod/POST/notes' } }
From @walshe on Tue Jan 23 2018 01:53:55 GMT+0000 (UTC)
strangely when the UI hits the list function, it actually reaches the function but get a 500 inside due to a pretty empty event.requestContext.identity:
cognitoidentity id is
{"cognitoIdentityPoolId":null,"accountId":null,"cognitoIdentityId":null,"caller":null,"sourceIp":"xx.xxx.xxx","accessKey":null,"cognitoAuthenticationType":null,"cognitoAuthenticationProvider":null,"userArn":null,"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36","user":null}
From @walshe on Tue Jan 23 2018 02:55:06 GMT+0000 (UTC)
followed this to resolve my issue - https://serverless-stack.com/chapters/debugging-serverless-api-issues.html
turns out of course that the original api prefix that I had specified in the role policy was now wrong because a new ‘serverless deploy’ had deployed apis to new url prefix
From @zipper1972 on Sun Feb 04 2018 14:41:15 GMT+0000 (UTC)
Upon attempting to log in, I was getting the following error:
TypeError: __WEBPACK_IMPORTED_MODULE_0_aws_sdk_global__["util"].crypto.lib.randomBytes is not a function. (In '__WEBPACK_IMPORTED_MODULE_0_aws_sdk_global__["util"].crypto.lib.randomBytes(128)', '__WEBPACK_IMPORTED_MODULE_0_aws_sdk_global__["util"].crypto.lib.randomBytes' is undefined)
I’m running AWS SDK version 2.188
Downgrading to version 2.177 fixes the problem.
From @jayair on Mon Feb 05 2018 18:06:02 GMT+0000 (UTC)
@zipper1972 Thanks for reporting. Some other folks had run into this issue as well. Something was off on the AWS SDK end.
From @nuyulcore on Thu Mar 29 2018 10:53:22 GMT+0000 (UTC)
I got this issues man
From @jayair on Fri Mar 30 2018 22:22:44 GMT+0000 (UTC)
@mbahfauz Have you solved this already? I see some of your other comments about other issues.
From @ringoyip0901 on Fri May 04 2018 23:01:30 GMT+0000 (UTC)
Whenever I call this API or try to create a note, I get the following error. Any advice or pointers? Thank you! I’m pretty sure I set all the cors to be true on my serverless.yml file. I also read through all the comments above but none of the solutions seemed to work for me. The status code is 401.
From @jayair on Mon May 07 2018 22:29:41 GMT+0000 (UTC)
@ringoyip0901 Did this chapter work for you - https://serverless-stack.com/chapters/test-the-apis.html?
If it did then we might have to look at the logs to see what is going on.
Hi I am getting an alert message of “No Credentials” when trying to add a note by clicking the “create” button.