@@ -445,12 +445,30 @@ export class BackendStack extends cdk.Stack {
445445
446446 // Add CORS to all resources
447447 api . root . addCorsPreflight ( corsOptions ) ;
448- apiResource . addCorsPreflight ( corsOptions ) ;
449- reportsResource . addCorsPreflight ( corsOptions ) ;
450- latestResource . addCorsPreflight ( corsOptions ) ;
451- reportIdResource . addCorsPreflight ( corsOptions ) ;
452- reportStatusResource . addCorsPreflight ( corsOptions ) ;
453- docsResource . addCorsPreflight ( corsOptions ) ;
448+ apiResource . addCorsPreflight ( {
449+ ...corsOptions ,
450+ allowCredentials : false // This is crucial - make sure OPTIONS requests don't require credentials
451+ } ) ;
452+ reportsResource . addCorsPreflight ( {
453+ ...corsOptions ,
454+ allowCredentials : false
455+ } ) ;
456+ latestResource . addCorsPreflight ( {
457+ ...corsOptions ,
458+ allowCredentials : false
459+ } ) ;
460+ reportIdResource . addCorsPreflight ( {
461+ ...corsOptions ,
462+ allowCredentials : false
463+ } ) ;
464+ reportStatusResource . addCorsPreflight ( {
465+ ...corsOptions ,
466+ allowCredentials : false
467+ } ) ;
468+ docsResource . addCorsPreflight ( {
469+ ...corsOptions ,
470+ allowCredentials : false
471+ } ) ;
454472
455473 // Configure Gateway Responses to add CORS headers to error responses
456474 const gatewayResponseTypes = [
@@ -466,7 +484,7 @@ export class BackendStack extends cdk.Stack {
466484 apigateway . ResponseType . INTEGRATION_TIMEOUT ,
467485 ] ;
468486
469- gatewayResponseTypes . forEach ( ( responseType ) => {
487+ gatewayResponseTypes . forEach ( responseType => {
470488 new apigateway . CfnGatewayResponse (
471489 this ,
472490 `${ appName } ${ responseType . responseType . toString ( ) } ${ props . environment } ,
0 commit comments