Overwriting read-only Lambda@Edge headers

[UnderSampled]

Hooking up a Mangum lambda to CloudFront as EventType: origin-request returns a 502 response: "The Lambda function result failed validation: The function tried to add, delete, or change a read-only header."

According to the documentation, the Content-Length Header is one of the read-only headers for origin-request events. Not quite sure why. But it's certainly one of the headers returned when calling the lambda. I use the lambda to handle API requests, so it needs IncludeBody, which is only available with origin-request.

I was able to get around this by hijacking the response:

def handler(event, context):
    response = Mangum(app, lifespan="off")(event, context)
    if 'headers' in response:
        response['headers'].pop('content-length')
    return response

[jordaneremieff]

Thanks @UnderSampled for the report and example workaround. I won't be able to look into it myself at this time, but I would be willing to review and merge any PRs to address these rules in the handler itself.

[khamaileon]

Duplicate of: https://github.com/jordaneremieff/mangum/issues/143

[eidorb]

Including Content-Length in the exclude_headers parameter fixes this:

handler = Mangum(
    app,
    # Content-Length header is not allowed in Lambda@Edge responses.
    exclude_headers=["Content-Length"],
)

exclude_headers was introduced in #280.