search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.51k stars 1.17k forks source link

sam local does not accept additional quotes in CORS configuration #1381

Closed stalar closed 4 years ago

stalar commented 5 years ago

Description

According to https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cors-configuration CORS configuration strings should have an extra pair of quotes like this:

Cors:
  AllowMethods: "'OPTIONS,GET,POST,DELETE'"
  AllowHeaders: "'X-Forwarded-For'"
  AllowOrigin: "'*'"

Running sam local start-api with a template containing the above gives me: Error: The method 'OPTIONS is not a valid CORS method. (notice the dangling quote).

Steps to reproduce

Add the Cors configuration above to an API definition. Run sam local start-api.

Sample template: 

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  HelloApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Cors: 
        AllowOrigin: "'*'"
        AllowMethods: "'OPTIONS,HEAD,GET,PUT,POST'"
        AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: hello-world/
      Handler: app.lambdaHandler
      Runtime: nodejs10.x
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /hello
            Method: get
            RestApiId: 
              Ref: HelloApi

Observed result

$ sam --debug local start-api
Error: The method 'OPTIONS is not a valid CORS method

If I remove the extra singe quotes in AllowMethods, sam local start-api works as expected, but then I cannot deploy the template.

Expected result

Expected a running API with CORS enabled.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS 10.14.6
  2. sam --version: SAM CLI, version 0.21.0
sriram-mv commented 5 years ago

Ah, good catch! Looks like we actually test similar to way you reported it. https://github.com/awslabs/aws-sam-cli/blob/develop/tests/integration/testdata/start_api/swagger-template.yaml

iceback commented 5 years ago

sam --version SAM CLI, version 0.19.0 on ubuntu18.04 with this template (sorry the formatting goes away under code insert !? but it's properly formatted according emacs yaml mode) I do NOT see the issue (no error with or without single quotes, however the Cors: directive does not take effect (see error at bottom)

Resources: SGSApi: Type: AWS::Severless::Api Properties: Cors: AllowMethods: "'*'" AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'" AllowOrigin: "'http://localhost:4200'" PedigreeFunction: Type: AWS::Serverless::Function Properties: CodeUri: ./lambda-scripts/get-pedigrees.py Handler: app.lambda_handler Runtime: python3.7 Events: FilePairs: Type: Api Properties: Path: /pedigree Method: GET

Access to XMLHttpRequest at 'http://localhost:3000/pedigree' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

iceback commented 5 years ago

OK, I just upgraded to v 0.21.0 and bumped into similar issue as OP. This Cors: element

Globals: Function: Timeout: 3 Api: Cors: AllowMethods: "'*'" AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'" AllowOrigin: "'http://localhost:4200'"

lead to this error msg

sam --debug local start-api Error: The method '*' is not a valid CORS method

removing the single quotes allows sam to start but I still cannot configure Cors: effectively

sam --debug local start-api Mounting FilePairsFunction at http://127.0.0.1:3000/file-pairs [GET, OPTIONS] Mounting PedigreeFunction at http://127.0.0.1:3000/pedigree [GET, OPTIONS] You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template 2019-08-29 13:29:48 * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit) 2019-08-29 13:30:06 127.0.0.1 - - [29/Aug/2019 13:30:06] "OPTIONS /pedigree HTTP/1.1" 200 -

My template.yaml:

AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > ppr-app Template for ppr aws app

More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst

Globals: Function: Timeout: 3 Api: Cors: AllowMethods: "*" AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'" AllowOrigin: "'http://localhost:4200'" Resources: FilePairsFunction: Type: AWS::Serverless::Function Properties: CodeUri: ./lambda-scripts/analyze-file-pairs.py Handler: app.lambda_handler Runtime: python3.7 Events: FilePairs: Type: Api Properties: Path: /file-pairs Method: GET PedigreeFunction: Type: AWS::Serverless::Function Properties: CodeUri: ./lambda-scripts/get-pedigrees.py Handler: app.lambda_handler Runtime: python3.7 Events: FilePairs: Type: Api Properties: Path: /pedigree Method: GET

me2resh commented 5 years ago

Running through the exact issue after upgrading to SAM CLI, version 0.21.0

Getting 

Error: The method 'GET is not a valid CORS method

for CORS configurations:


Globals:
  Api:
    Cors:
      AllowMethods: "'GET,POST,OPTIONS'"
      AllowHeaders: "'content-type'"
      AllowOrigin: "'*'"
      AllowCredentials: "'*'"
jfuss commented 4 years ago

Closing as this was released in v0.22.0