feat(event_handler): allow multiple CORS origins

[rubenfonseca]

Issue number: #1006

Summary

Changes

Please provide a summary of what's being changed

This PR adds support for additional origins for CORS. It also changes the behavior to never return Origin information outside of a CORS request.

User experience

Please share what the user experience looks like before and after this change

NOTE: this PR changes the default behavior when a non-CORS request is sent. Previously, we would return the configured Origin as part of the response. Now we only do it if there's an Origin in the request and it matches one of the allowed origins. Should we do something about this?

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[codecov-commenter]

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (eb3e795) 97.46% compared to head (3ca9aaf) 97.46%.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #2279   +/-   ##
========================================
  Coverage    97.46%   97.46%           
========================================
  Files          149      149           
  Lines         6895     6901    +6     
  Branches       506      509    +3     
========================================
+ Hits          6720     6726    +6     
  Misses         137      137           
  Partials        38       38           

Impacted Files	Coverage Δ
aws_lambda_powertools/event_handler/api_gateway.py	100.00% <100.00%> (ø)
...lambda_powertools/utilities/data_classes/common.py	100.00% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[leandrodamascena]

I tested this with several scenarios, resolvers and origins and in all of them it worked perfectly! You are truly amazing, Ruben!

I made some comments and after you answer them I think we are ready to merge!!

[leandrodamascena]

Ruben, please add the extra_origins field in the table below.

How about adding a new tab with an example to show how to use this new field? What do you think?

[heitorlessa]

Maybe I'm dizzy in the taxi but this reads odd, perhaps what you meant was:

Multiple origins?

If you need to allow multiple origins ...

As in, Allow-Origins is an explicit CORS terminology, but here we can be more flexible in wording

[heitorlessa]

Some tiny suggestions but looks great!

[heitorlessa]

origin: str = ""?

Annotation says it's optional but we are not setting a default value.

You can drop the Optional (None), and simply set to an empty str

[rubenfonseca]

Does this mean I would have to compare if origin == "" later on instead of not origin? Doesn't it sound wrong?

[rubenfonseca]

TIL not will eventually translate to __bool__, so it works for empty strings too

[rubenfonseca]

I've changed my mind again and I believe it's better to keep the Optional. Reason is, the caller will try to fetch an Origin from the headers. The Origin is not always present, so mypy would complain that I can't pass an Optional to the to_dict. So I think in this case the Optional makes sense.

[heitorlessa]

Maybe I'm dizzy in the taxi but this reads odd, perhaps what you meant was:

Multiple origins?

If you need to allow multiple origins ...

As in, Allow-Origins is an explicit CORS terminology, but here we can be more flexible in wording

[rubenfonseca]

As promised, added E2E tests.

[leandrodamascena]

I ran the end2end test on this branch and everything is working as expected, Ruben! There are some random bugs at specific runtimes, but they are known bugs and nothing related to this change. - https://github.com/awslabs/aws-lambda-powertools-python/actions/runs/5006899451/jobs/8972788300

One more amazing work, dude!!!