CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request - AWS CloudFront

Question

I have deployed an Angular 7 Frontend App in AWS Amplify (URL: https://master.34Dkmjf43R39qs4.amplifyapp.com) and backend .NET Core 3.0 API in EC2 Windows IIS Server(URL: http://ec2-1-543-75-576.us-east-2.compute.amazonaws.com/) - The API Can't work in AWS lambda that's why the setup.

The Endpoint in EC2 Server need to be secure(certificate setup), so I decided to use AWS CloudFront to overcome that. I ended up with backend URL: https://e1o1pqplstqo56.cloudfront.net The problem is if I try to do a post to the API from Angular frontend I end up with the following CORS error. When I use my app locally http://localhost:4200 and point the api to EC2 directly while bypassing the CloudFront, its working. CORS is enabled on API. I have tried the process described here and various answers on SO but seems I'm going round in circles.

CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

I'm trying to achieve something like this. The only reason I decided to use cloudfront is because I tried to setup a domain and setup ssl certificate on EC2 server but I struggled to do so.

enter image description here My headers looks as below:

General
Request URL: https://master.d1r3235jfifp9qs4.amplifyapp.com/dashboard
Request Method: GET
Status Code: 301 
Remote Address: 143.204.64.64:443
Referrer Policy: no-referrer-when-downgrade

Response Headers
content-length: 0
content-type: application/xml
date: Fri, 07 Aug 2020 21:21:12 GMT
location: /dashboard/
server: AmazonS3
status: 301
via: 1.1 61ac54ead412fb7a3xa7ed41fh7009ab.cloudfront.net (CloudFront)
x-amz-cf-id: 2B44yb0cqYYetDoGGW_X8N4bEpG9oOUsbv8rVbbDbynTI7K2zztmVg==
x-amz-cf-pop: CPT50
x-cache: Miss from cloudfront

Request Headers
:authority: master.d1nkdsfsffdifp9qs4.amplifyapp.com
:method: GET
:path: /dashboard
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: _ga=GA1.2.511481026.1585607758; G_ENABLED_IDPS=google; G_AUTHUSER_H=0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36

you should enable HTTP Verb OPTIONS in cloudfront. have you done that? — Arun K, Aug 07 '20 at 23:13
I have enabled OPTIONS in Allowed HTTP Methods in cloudfront — tmndungu, Aug 08 '20 at 08:24
There was a stackoverflow answer about whether or not having a trailing slash in the url. Can you play around by adding or removing a trailing slash to the URL — Arun K, Aug 08 '20 at 08:54
checkout [StackOverflow Ans](https://stackoverflow.com/a/35588856/9640128) — Mohammed Ismail, Aug 08 '20 at 12:37

CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request - AWS CloudFront

0 Answers0