search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.55k stars 3.87k forks source link

fix(apigateway): set passthrough behavior to avoid errors on CORS preflight requests #31533

Open takeshixx opened 5 days ago

takeshixx commented 5 days ago

Set passthroughBehavior behavior to NEVER to prevent errors for CORS preflight requests with content-types other than application/json.

Issue # (if applicable)

This was reported as #18297, but it was closed without a fix.

Reason for this change

Using addCorsPreflight() will add a mock integration for OPTIONS requests and maps them to content-type application/json. OPTIONS requests with a content-type header other than application/json lead to HTTP 500 Internal Server Errors.

Description of changes

Setting the passthroughBehavior to NEVER returns a mime type error instead of a internal server error, which is the appropriate response.

It should be noted that this setting was proposed in the initial implementation of addCorsPreflight() in #906 already. However, it looks like it didn't make it into the CDK. Instead the default configuration is use, which sets it to WHEN_NO_MATCH.

Description of how you validated changes

I tested the change by manually overriding the passthroughBehavior on the LambdaRestApi resource:

lambdaRestApi.methods
      .filter((m) => m.httpMethod === 'OPTIONS')
      .forEach((om) => {
        om.node.children.forEach((c) => {
          const mm = c as apigw.CfnMethod;
          mm.addOverride('Properties.Integration.PassthroughBehavior', apigw.PassthroughBehavior.NEVER);
        });
      });

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

aws-cdk-automation commented 5 days ago

AWS CodeBuild CI Report

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

sumupitchayan commented 2 days ago

@takeshixx can you take a look at the build logs to see why it's failing?

takeshixx commented 2 days ago

I talked to @paulhcsun, it seems to be the breaking changes to API Gateway. I mentioned it in #18297 as well. The reason is that it affects every call to addCorsPreflight().