Closed aaronvanston closed 2 years ago
Please note, this error could have occurred on the previous version prior to 0.37.0
, this just happens to be the version we upgraded to and the issue arose. We're currently stable on version 0.36.2
in production with no issue.
@viperfx I know you ran into this back in the day and we added support. Do you have any thoughts about this?
Here's an Issue and PR about this related to Auth specifically:
So because Vercel uses aws and this behavior is part of api gateway - the base64 encoding part I mean.
However, I've never seen it being undefined.
@dthyresson and I have confirmed this is an issue, specific to vercel deploys. Thank you very much for the reproduction. We will fix for next patch!
Confirming that this has been fixed!
e.g.
curl -X "OPTIONS" "https://cors-options-test-5rgrdffw2-redwoodjs.vercel.app/api/graphql"
Fantastic, thanks @dac09! 🎉
Hey team,
I've come across an issue with base64 decoding of an empty event body, affecting Redwood instances deployed to Vercel on version 0.37.0 and up.
Overview
This issue is very similar to #3309 in which Vercel says the event body is encoded even if the event body is empty. This typically occurs when a preflight/
OPTIONS
call happens from a remote server, the body is left empty. This check will fail and the browser will interpret this as failed CORS as the function exited before setting the correct response headers.This affects any use of the GraphQL function from a remote server, despite correct CORS settings. Applies to instances with and without auth set-ups.
I believe it fails on the execution of this function:
https://github.com/redwoodjs/redwood/blob/main/packages/graphql-server/src/functions/graphql.ts#L50-L56
The server will return:
Steps to reproduce
This should fail on the OPTIONS call to the server with chrome reporting a CORS error.
Vercel event body
I intercepted the failing Vercel event before it hit the GraphQL handler, and the event body consisted of:
In this instance, you can see Vercel has marked it as base64 encoded at the same time it's
undefined
.Extrapolating the
parseEventBody
function, and running this with anundefined
body returns the same error:Public Example
I've created and publically hosted brand new instances of a Redwood API/Web (version 0.39.4) and a separate NextJS application calling the Redwood API.
Redwood: Repo: https://github.com/aaronvanston/rw-vercel-test URL: https://rw-vercel-test.vercel.app/
NextJS UI: Repo: https://github.com/aaronvanston/nextjs-ui-rw-test URL: https://nextjs-ui-rw-test.vercel.app/
If you visit the NextJS UI, I've set up a call to the Redwood API that triggers on page load. You can inspect your network and see it fails with a CORS error.
I believe the fix, is similar to that #3309 if I'm not mistaken? Users affected would be those deploying to Vercel and calling the Redwood API from an external source, potentially not a common use case?
Temporary fix
I've managed to put in a hacky fix that behaves like a middleware for the event and sends through an empty encoded object if the body is
undefined
.Where
rwGqlHandler
is the original handler within thegraphql.{ts|js}
function file.This fixes the issue but is quite hacky.