feat(CORS): Set the CORS "Access-Control-Allow-Credentials" for local…
… running (#1648)
dkryptr authored and sanathkr committed Dec 9, 2019
1 parent fab0465 commit cd3ec84
Showing 3 changed files with 14 additions and 4 deletions.
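--- a/samcli/commands/local/lib/provider.py
+++ b/samcli/commands/local/lib/provider.py
@@ -220,13 +220,14 @@ def binary_media_types(self):
 return list(self.binary_media_types_set)
 
 
-_CorsTuple = namedtuple("Cors", ["allow_origin", "allow_methods", "allow_headers", "max_age"])
+_CorsTuple = namedtuple("Cors", ["allow_origin", "allow_methods", "allow_headers", "allow_credentials", "max_age"])
 
 
 _CorsTuple.__new__.__defaults__ = (
 None, # Allow Origin defaults to None
 None, # Allow Methods is optional and defaults to empty
 None, # Allow Headers is optional and defaults to empty
+None, # Allow Credentials is optional and defaults to empty
 None, # MaxAge is optional and defaults to empty
 )
 
@@ -250,6 +251,7 @@ def cors_to_headers(cors):
 "Access-Control-Allow-Origin": cors.allow_origin,
 "Access-Control-Allow-Methods": cors.allow_methods,
 "Access-Control-Allow-Headers": cors.allow_headers,
+"Access-Control-Allow-Credentials": cors.allow_credentials,
 "Access-Control-Max-Age": cors.max_age,
 }
 # Filters out items in the headers dictionary that isn't empty.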
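Review bot: In the `cors_to_headers` hunk the new entry `"Access-Control-Allow-Credentials": cors.allow_credentials` puts the raw template value into the header map, and the accompanying unit test supplies the Python bool `True` rather than a string. Browsers honour this header only when its value is exactly the lowercase token `true`, so a bool that the response layer stringifies as `True` would be ignored by the browser while still appearing in the local response. I would normalise it here: `"Access-Control-Allow-Credentials": "true" if cors.allow_credentials is True else None,`. The rest of `cors_to_headers`, including the filter below the dict, is outside the hunk, so how `None` and `False` values are dropped should be confirmed there.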
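--- a/samcli/commands/local/lib/sam_api_provider.py
+++ b/samcli/commands/local/lib/sam_api_provider.py
@@ -111,10 +111,15 @@ def extract_cors(self, cors_prop):
 
 allow_origin = self._get_cors_prop(cors_prop, "AllowOrigin")
 allow_headers = self._get_cors_prop(cors_prop, "AllowHeaders")
+allow_credentials = self._get_cors_prop(cors_prop, "AllowCredentials", is_string=False)
 max_age = self._get_cors_prop(cors_prop, "MaxAge")
 
 cors = Cors(
-allow_origin=allow_origin, allow_methods=allow_methods, allow_headers=allow_headers, max_age=max_age
+allow_origin=allow_origin,
+allow_methods=allow_methods,
+allow_headers=allow_headers,
+allow_credentials=allow_credentials,
+max_age=max_age,
 )
 elif cors_prop and isinstance(cors_prop, string_types):
 allow_origin = cors_prop
@@ -128,12 +133,13 @@ def extract_cors(self, cors_prop):
 allow_origin=allow_origin,
 allow_methods=",".join(sorted(Route.ANY_HTTP_METHODS)),
 allow_headers=None,
+allow_credentials=None,
 max_age=None,
 )
 return cors
 
 @staticmethod
-def _get_cors_prop(cors_dict, prop_name):
+def _get_cors_prop(cors_dict, prop_name, is_string=True):
 """
 Extract cors properties from dictionary and remove extra quotes.
@@ -147,7 +153,7 @@ def _get_cors_prop(cors_dict, prop_name):
 A string with the extra quotes removed
 """
 prop = cors_dict.get(prop_name)
-if prop:
+if prop and is_string:
 if (not isinstance(prop, string_types)) or (not (prop.startswith("'") and prop.endswith("'"))):
 raise InvalidSamDocumentException(
 "{} must be a quoted string " '(i.e. "\'value\'" is correct, but "value" is not).'.format(prop_name)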
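Review bot: With `is_string=False`, `_get_cors_prop` hands back whatever the template holds for `AllowCredentials` with no type check at all, because the new condition `if prop and is_string:` skips the entire validation branch. A quoted string such as `"'false'"`, or any other truthy non-boolean, would pass through `extract_cors` into the `Cors` tuple and presumably be emitted as the credentials header by the local server. I would reject non-booleans on that path, for example `if not is_string and prop is not None and not isinstance(prop, bool): raise InvalidSamDocumentException("{} must be a boolean".format(prop_name))`. The docstring also needs an entry for `is_string` and a corrected return description, since it still states that a string is returned; the docstring and body of `_get_cors_prop` continue outside the hunks shown.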
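--- a/tests/unit/commands/local/lib/test_sam_api_provider.py
+++ b/tests/unit/commands/local/lib/test_sam_api_provider.py
@@ -875,6 +875,7 @@ def test_provider_parse_cors_dict(self):
 "AllowMethods": "'POST, GET'",
 "AllowOrigin": "'*'",
 "AllowHeaders": "'Upgrade-Insecure-Requests'",
+"AllowCredentials": True,
 "MaxAge": "'600'",
 },
 "DefinitionBody": {
@@ -917,6 +918,7 @@ def test_provider_parse_cors_dict(self):
 allow_origin="*",
 allow_methods=",".join(sorted(["POST", "GET", "OPTIONS"])),
 allow_headers="Upgrade-Insecure-Requests",
+allow_credentials=True,
 max_age="600",
 )
 route1 = Route(path="/path2", methods=["POST", "OPTIONS"], function_name="NoApiEventFunction")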
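Review bot: The fixture in `test_provider_parse_cors_dict` now pairs `"AllowOrigin": "'*'"` with `"AllowCredentials": True`, and the expected `Cors(...)` in the second hunk asserts the same pair. Browsers refuse credentialed responses whose Access-Control-Allow-Origin is the wildcard, so the only test for the new property pins a configuration that cannot work in practice and covers no usable one. I would give the credentialed case a specific origin (for example `"AllowOrigin": "'https://example.com'"`, a constructed value, with the matching `allow_origin` expectation) and add cases for `AllowCredentials` set to `False`, omitted, and a non-boolean. The test method starts and ends outside both hunks, so other assertions that depend on the wildcard origin would need checking.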
