-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: honour the AllowCredentials CORS option in SAM templates #2536
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
discorev
changed the title
Feature/cors allow credentials
Fixes: honour the AllowCredentials CORS option in SAM templates
Jan 17, 2021
hoffa
changed the title
Fixes: honour the AllowCredentials CORS option in SAM templates
fix: honour the AllowCredentials CORS option in SAM templates
Jan 17, 2021
hoffa
added
area/local/start-api
sam local start-api command
stage/pr
Has a PR ready for review
labels
Jan 17, 2021
hoffa
suggested changes
Jan 17, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor comments; overall looks great!
hoffa
approved these changes
Jan 17, 2021
c2tarun
approved these changes
Jan 19, 2021
mgrandis
approved these changes
Jan 19, 2021
Thanks @discorev; merged! |
14 tasks
mgrandis
added
the
stage/waiting-for-release
Fix has been merged to develop and is waiting for a release
label
Jan 19, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/cors
area/local/start-api
sam local start-api command
stage/pr
Has a PR ready for review
stage/waiting-for-release
Fix has been merged to develop and is waiting for a release
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue(s) does this change fix?
#1645
Why is this change necessary?
This change is needed to complete an incomplete feature in the local API CORS implementation. Currently the
AllowCredentials
CORS option is ignored in the local API mock and blocks any local development that has a CORS requirement and needs theAccess-Control-Allow-Credentials
header to be set.How does it address the issue?
Whilst parsing CORS options for a REST API, the
AllowCredentials
option is parsed allowing for a boolean or quoted string value. If and only if this value is a representation of true, the header is set to the stringtrue
Whilst parsing CORS options for a Http API the
AllowCredentials
options is parsed only allowing for a boolean value (following the documentation). If this is set to true, the header is set to the stringtrue
The header is always output as a lower-cased string to be compliant with section 5.6 of RFC7480
There are no new dependancies introduced and this does not impact any other areas of functionality.
What side effects does this change have?
There are no side effects outside of having the
Access-Control-Allow-Credentials
header set when the template demands it.Checklist
make pr
passesmake update-reproducible-reqs
if dependencies were changedBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.