New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for HttpApi cors configuration #1153
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @qswinson - looks good overall, it seems to have a small conflict with current master though - do you think you could rebase your changes on top of current master so we could merge it? Thanks in advance 🙇
Was just about to submit the PR for a similar CORS issue (#1213), when I found this. Very elegant solution, however is does not address the scenarios in #1213 - CORS headers getting applied when they shouldn't. This is because the CORS headers are always being applied regardless of whether the @qswinson I'll try and merge my changes into yours tonight, but I may need your help to confirm that my changes do not break the functionality you are trying to create. Cheers, |
@qswinson PR #1215 fixes headers when the All of your new Jest tests from this PR still work in #1215, but if you have the time, can you try out the changes in PR #1215 (bryanvaz/serverless-offline#http-api-cors) and make sure the functionality you expect is still there. Cheers, |
@bryanvaz My concern with the way you fixed #1213 breaks existing functionality for current users. If you have a REST API from Api Gateway the only way to specify CORS options is on the function level. Since there is no explicit route or backing function for these OPTIONS requests, work arounds had to be made to enable the correct CORS response. This is currently done with the If you remove the ability to use these settings, then people using REST APIs or just a single HTTP API with a CORS definition will have no way to proceed until someone else solves the function level CORS issue. |
Hi @qswinson, That was my initial concern as well, till I realized the I laughed pretty hard when I realized each event type uses separate This also means, that the only scenario we have to be concerned with is whether However I'd hate to have accidentally broken your intended functionality without realizing it. Since you're obviously a heavy user of the Cheers, (The cats are now napping because they got mackerel for breakfast and couldn't be bothered what I'm up to) |
Can you provide a link to where the |
Hi @qswinson , Websocket is https://github.com/dherault/serverless-offline/blob/master/src/events/websocket/HttpServer.js If I got that super wrong, let me know (that's why I need that second pair of eyes). If so, I'll have to move the the REST auto CORS logic to the Regardless @pgrzesik, I think you should probably merge this PR; that way we are not trying to balance 3 pending PRs on the same file. Cheers, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @qswinson - it looks really good 👍
Description
Added support for HttpApi CORS configuration from the serverless.yml file. This supports serverless CORS settings (documentation found here: https://www.serverless.com/framework/docs/providers/aws/events/http-api#cors-setup). Either the default values will be provided if
cors: true
is set or the access control headers that are specified in the serverless.yml file will be used.Motivation and Context
The current code base only supports passing in additional CLI arguments to support CORS. With the addition of HttpApi from AWS Api Gateway and its built in support for CORS, the new settings should be used from the serverless.yml file instead.
How Has This Been Tested?
I have added integration tests for both the default
cors: true
setting and integration tests for custom access control settings.Screenshots (if appropriate):