Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: ALB with multiValueHeaders will not return correct CORS headers in OPTIONS preflight #4327

Closed
Wurstnase opened this issue May 14, 2024 · 4 comments · Fixed by #4385
Closed

Bug: ALB with multiValueHeaders will not return correct CORS headers in OPTIONS preflight #4327

Wurstnase opened this issue May 14, 2024 · 4 comments · Fixed by #4385
Assignees
@leandrodamascena
Labels
bug Something isn't working event_handlers

Comments

@Wurstnase
Copy link
Contributor

Wurstnase commented May 14, 2024
edited
Loading

Expected Behaviour

An OPTIONS preflight should return all "Access-Control-*" headers.

Current Behaviour

powertools-lambda-python/aws_lambda_powertools/event_handler/api_gateway.py

Line 2132 in 87d580a

headers.update(self._cors.to_dict(self.current_event.get_header_value("Origin")))

will only fetch "headers" from the event. This will return None in an ALBEvent with multiValueHeaders enabled.

Code snippet

cors = CORSConfig(
    allow_origin="*",
    allow_credentials=True,
)

app = ALBResolver(cors=cors)

Possible Solution

_origin_header = self.current_event.resolved_headers_field.get("origin")  # case insensitive?!?
_origin = _origin_header if isinstance(_origin_header, str) else _origin_header.pop(None)
headers.update(self._cors.to_dict(_origin))

Steps to Reproduce

curl -X OPTIONS https://xxx.amazonaws.com -H "origin: http://example.com"

... snip
< HTTP/2 204
< server: awselb/2.0
< date: Tue, 14 May 2024 09:06:13 GMT
< access-control-allow-methods: CONNECT,DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.12

Packaging format used

Lambda Layers

Debugging logs

No response
@Wurstnase Wurstnase added bug Something isn't working triage Pending triage from maintainers labels May 14, 2024
@leandrodamascena
Copy link
Contributor

Hi @Wurstnase! Thanks for opening this issue! I'm adding this to the backlog and an alert on my calendar to check next week.

@leandrodamascena leandrodamascena removed the triage Pending triage from maintainers label May 18, 2024
@leandrodamascena leandrodamascena self-assigned this May 18, 2024
@leandrodamascena leandrodamascena mentioned this issue May 21, 2024
Merged
7 tasks
@leandrodamascena leandrodamascena linked a pull request May 21, 2024 that will close this issue
fix(event_handler): CORS Origin for ALBResolver multi-headers #4385
Merged
7 tasks
@leandrodamascena
Copy link
Contributor

Hey @Wurstnase! I created a PR to fix this issue - #4385

Thanks for bringing an idea on how to solve this problem. I had to make some additional debugging to ensure that it works with all of our Resolvers. The fix allows us to handle both single and multi-header scenarios without any issues.

Can you pls review the PR and let me know if you have any other feedback. I'm looking forward to getting this fix merged and deployed to production. 🚀

@leandrodamascena leandrodamascena moved this from Backlog to Pending review in Powertools for AWS Lambda (Python) May 21, 2024
@github-project-automation github-project-automation bot moved this from Pending review to Coming soon in Powertools for AWS Lambda (Python) May 22, 2024
@github-actions GitHub Actions
Copy link
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label May 22, 2024
@heitorlessa heitorlessa moved this from Coming soon to Shipped in Powertools for AWS Lambda (Python) Jun 10, 2024
@heitorlessa heitorlessa moved this from Shipped to Coming soon in Powertools for AWS Lambda (Python) Jun 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

This is now released under 2.39.0 version!

@github-actions github-actions bot removed the pending-release Fix or implementation already in dev waiting to be released label Jun 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leandrodamascena leandrodamascena

Labels
bug Something isn't working event_handlers
Projects
Powertools for AWS Lambda (Python)
Status: Coming soon
Milestone
No milestone
2 participants
@leandrodamascena @Wurstnase