Open dlaudams opened 10 months ago
Describe the bug
The ability to match origins using regular expressions was removed with this change:
https://github.com/aws/aws-cdk/issues/26623
This causes a breaking change for CORS origins relying on that behaviour.
A use case is matching a prefix/wildcard origin, for example, `*.example.com` -> `/https:\/\/.+\.example\.com/`

Expected Behavior
The ability to match wildcard origins, e.g., `https://*.example.com`
https://github.com/aws/aws-cdk/blob/7264121edb10feca6d4c2bce359138deb62bdf79/packages/aws-cdk-lib/aws-apigateway/lib/resource.ts#L326C1-L326C76

Current Behavior
Only `*` wildcard or exact origins are allowed.
This prevents prefix matching of origins.

Reproduction Steps
```ts
const api = new apigw.RestApi(stack, 'cors-api-test', {
  defaultCorsPreflightOptions: {
    allowOrigins: ['https://*.amazon.com', 'https://twitch.tv'],
  },
});
```
Produces response template:
```
#set($origin = $input.params().header.get("Origin"))
#if($origin == "") #set($origin = $input.params().header.get("origin")) #end
#if($origin == "https://*.amazon.com" || $origin == "https://twitch.tv")
  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)
#end
```

Possible Solution
```ts
const condition = origins
  .map(wildcardPrefixToRegex)
  .map(regex => `$origin.matches("${regex}")`)
  .join(' || ');
// ...
function wildcardPrefixToRegex(glob: string): string {
  return glob
    .replace(/\./g, '\\.') // replace '.' with '\.'
    .replace(/\*/g, '.+'); // replace '*' with '.+'
}
```
Produces response template:
```
#set($origin = $input.params().header.get("Origin"))
#if($origin == "") #set($origin = $input.params().header.get("origin")) #end
#if($origin.matches("https://.+\.amazon\.com") || $origin.matches("https:\/\/twitch\.tv"))
  #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)
#end
```

Additional Information/Context
No response

CDK CLI Version
2.115.0 (build 58027ee)

Framework Version
No response

Node.js Version
v18.14.0.

OS
n/a

Language
TypeScript

Language Version
No response

Other information
No response
We changed its behavior in https://github.com/aws/aws-cdk/pull/26648 because of a potential security concern, as it was never intended to work as a regex. We need to improve the document on it though.
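
Added example (not aws-cdk code and not from anyone in this thread): one way to accept `https://*.example.com` entries by compiling them into anchored, fully escaped patterns instead of treating every configured origin as a regular expression. `fullRegexMatch` models regex-interpreted comparison, assuming the Java `String.matches` semantics behind VTL's `$origin.matches(...)`; all function names and sample origins are hypothetical.

```typescript
// Escape every regex metacharacter so configured text is matched literally.
function escapeRegex(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Compile an allow-list entry into an anchored RegExp. The only wildcard
// accepted is a leading '*.' host label; anything else is rejected outright.
function wildcardOriginToRegex(pattern: string): RegExp {
  const m = /^(https?):\/\/(\*\.)?([A-Za-z0-9.-]+)(:\d{1,5})?$/.exec(pattern);
  if (!m) throw new Error(`unsupported origin pattern: ${pattern}`);
  const [, scheme, wildcard, host, port = ''] = m;
  // One DNS label: alphanumerics and inner hyphens, never '.', '/', '@' or ':'.
  const label = '[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?';
  // '*.' stands for one or more whole labels, so the apex domain is excluded.
  const prefix = wildcard ? `(?:${label}\\.)+` : '';
  return new RegExp(`^${scheme}://${prefix}${escapeRegex(host)}${escapeRegex(port)}$`, 'i');
}

// True when the request Origin matches at least one allow-list entry.
function isAllowed(origin: string, patterns: string[]): boolean {
  return patterns.some(p => wildcardOriginToRegex(p).test(origin));
}

// Model of regex-interpreted matching: the whole string must match, but an
// unescaped '.' in a configured origin still matches any character.
function fullRegexMatch(origin: string, pattern: string): boolean {
  return new RegExp(`^(?:${pattern})$`).test(origin);
}

// Constructed sample allow-list, taken from the reproduction steps above.
const samplePatterns = ['https://*.amazon.com', 'https://twitch.tv'];
```

With the sample list, `https://www.amazon.com` and `https://a.b.amazon.com` are accepted, while `https://amazon.com`, `https://evilamazon.com` and `https://www.amazon.com.evil.test` are rejected.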