Enable CORS configuration for APIGW #1703
Conversation
|
Really great work @patoncrispy! Thanks a lot! Could you please rebase your branch? We've made some changes in the past which seems to cause some conflicts. @eahefnawy could you review this? |
|
Thanks @pmuens! However, it's not quite finished. I need to add the preflight (OPTIONS) request so that the |
|
Awesome @patoncrispy! No hurry. Great to have you as a contributor! |
|
For those of you who want to do this manually while this is being implemented, do this: enable CORS via the AWS console and then create a new deployment
|
|
@patoncrispy could you give us a quick update on the status here? We would love to include this in the next release this week and would jump onto it in case you don't have enough time for it in the next days. Thanks for the contribution so far! |
|
Hey @flomotlik! I've just about finished. I've got the preflight stuff done, just need to write some tests for it and then actually build the binary and make sure it works as expected. In a few hours I'll update my pull request so you can see it. I was really hoping to get it finished last night but weekend ended up being busy. :( When do you want to do the next release? |
patoncrispy
force-pushed
the
feature/enable-cors
branch
3 times, most recently
from
baa026d to
51bf3f9
Compare
|
@patoncrispy awesome job. We're actually planning to release on Wednesday, so would like to merge tomorrow. Do you think this would work out? Happy to have someone from our team help out as well to make sure we can get this out the door by tomorrow. |
|
I think I'm just about good to go, but it's all theory until I can actually run it. I'm not sure how to use the binary in ./bin to test out what I've done. It can't see my global AWS credentials. Any tips on that? |
|
@patoncrispy you mean deploying serverless with the CORS integration, or what exactly would you like to test? I'm reaching out via email as well so we can talk directly. |
| if (typeof event.http.cors === 'object') { | ||
| // TODO - Some validation of cors object... | ||
| cors = event.http.cors; | ||
| cors.methods = cors.methods.map((m) => (m.toUpperCase())); |
There was a problem hiding this comment.
Got an exception here:
TypeError: cors.methods.map is not a function
at /app/lib/plugins/aws/deploy/compile/events/apiGateway/lib/methods.js:45:43
at Array.forEach (native)
at /app/lib/plugins/aws/deploy/compile/events/apiGateway/lib/methods.js:11:29
at /app/node_modules/lodash/lodash.js:4411:15
at baseForOwn (/app/node_modules/lodash/lodash.js:2654:24)
at /app/node_modules/lodash/lodash.js:4380:18
at Function.forEach (/app/node_modules/lodash/lodash.js:8634:14)
at AwsCompileApigEvents.compileMethods (/app/lib/plugins/aws/deploy/compile/events/apiGateway/lib/methods.js:10:7)
at AwsCompileApigEvents.tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:504:31)
at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:561:18)
at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:606:10)
at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:685:18)
at Async._drainQueue (/app/node_modules/bluebird/js/release/async.js:138:16)
at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:148:10)
at Immediate.Async.drainQueues as _onImmediate
|
@patoncrispy tried to get it running, but it looks like there was an exception (added it). regarding the AWS keys do you have a profile configured in your aws credentials? if you can run something like One thing that is currently also missing are the docs, but if you don't have time for it we can take care of this. Thanks again for your time on this |
patoncrispy
force-pushed
the
feature/enable-cors
branch
from
51bf3f9 to
dbf257b
Compare
|
@flomotlik I've updated the docs and validation. I'm home on my Mac (work on Windows) so hopefully will have a better experience with testing. :) |
patoncrispy
force-pushed
the
feature/enable-cors
branch
from
dbf257b to
89a5cfc
Compare
|
@flomotlik It all worked great on my Mac! :) Had one or two issues that I have now resolved and it all works nicely. Keen for someone to inspect it though. It's pretty late and I'm pretty wrecked. Will be around tomorrow, too. |
|
@patoncrispy which commands did you use to test this? I've tried testing it with curl but I consistently get {"message": "Internal server error"} Could you add the test commands you've used to test this? |
patoncrispy
force-pushed
the
feature/enable-cors
branch
from
89a5cfc to
c5a9592
Compare
|
@flomotlik Erm, that's exactly what I ran. Unfortunately, I was too tired to notice the status code! It was because I hadn't added the Integration RequestTemplate, so that is now in there. This worked for me: |
|
@patoncrispy I tried it today a few times as well and I can deploy it once, but when I update the endpoint (e.g update the method of the api endpoint or the headers or the allowed origins) it is always returning the same cached response. It is updated in API Gateway though, so the Mock itself is properly configured, its just cached somewhere along the lines. Tried different things from setting headers to other stuff but couldn't get out of the caching problem. Could you try this as well, deploy an endpoint, update something and run it again to check if you're actually getting an updated response or not? Works totally fine after removing and deploying again. Here are the function descriptions I used: |
| ```yml | ||
| functions: | ||
| hello: | ||
| events: |
There was a problem hiding this comment.
the function needs the handler config to be set: handler: handler.hello
|
@flomotlik Ah weird. Looking into it now. Will let you know how I get on. Getting there though! :) WIll update docs too. :) |
patoncrispy
force-pushed
the
feature/enable-cors
branch
from
c5a9592 to
3f8fb4e
Compare
|
Hey @flomotlik! I've been looking into it and it seems that when I run |
|
@flomotlik It seems like it's all hands on deck, but if I can help in anyway, please let me know! |
|
@patoncrispy you've put a lot of effort into this! 👍 Thanks a lot for your contribution |
|
Thanks @eahefnawy! Gotta find another issue to work on now. :) Also, any advice or criticism would be greatly appreciated! |
| const corsMethodResponseTemplate = `${allowOrigin} : ${allowOrigin}`; | ||
| const corsMethodIntegrationTemplate = | ||
| corsEnabled ? `${allowOrigin}: "'${cors.origins.join(',')}'"` : ''; | ||
|
|
There was a problem hiding this comment.
Seems like this code snippet runs whether there's cors configured or not. So even for endpoints that doesn't have cors enabled they'd have this ResponseParameters:
"method.response.header.Access-Control-Allow-Origin" : "method.response.header.Access-Control-Allow-Origin"
Maybe I'm missing something, but this looks a bit hacky. If no cors are configured, this header shouldn't exist in the response right?
|
@patoncrispy I played with your branch today and it seems to be working great! Thank a lot I have just a tiny comment/question above about setting the response header. But other than that I think this PR is G2M 💥 |
| ```yml | ||
| functions: | ||
| hello: | ||
| handler: handler.hello |
There was a problem hiding this comment.
Could you nest the handler inside the function hello?
|
@patoncrispy thanks for this PR. Really love it that we soon have CORS support thanks to you 💃 ! Added a few comments. Other than that it's GTM from my side |
|
@eahefnawy @pmuens Argh! Amateur hour. 😞 I'll get these tidied up this evening and push 'em. Clearly couldn't find my fine-toothed comb that day! :) |
Updated readme Fixed RequestTemplates issue. Added statusCode response to Options Request template. Added X-Amz-Security-Token header and updated tests, too. Manual test works. Updated unit tests, too. Added documentation and some validation. Updated tests to check each header. All passing. Added preflight config. Need to write tests. Adds origin header to method. Tests pass. Need preflight added, too. Setup basic cors assignement. Experimenting with configuration setup.
patoncrispy
force-pushed
the
feature/enable-cors
branch
from
3f8fb4e to
a5587c2
Compare
|
@pmuens @eahefnawy I've updated stuff! Would you mind taking a look and seeing if things are OK now? On the readme changes, I initially just copied one of the other configuration examples to keep with the readme style, so it may be worth checking that some of the other examples are as desired. |
| handler: handler.hello | ||
| events: | ||
| - http: | ||
| path: user/create |
There was a problem hiding this comment.
This needs another 2 spaces for indentation.
YAML is nasty sometimes (I faced the exact same problem recently) and IMHO I would like this syntax more than adding 2 more spaces.
Here's an example of the difference between the two different indentations.
- http:
path: users/create
method: get
translates to:
[
{
"http": null,
"path": "users/create",
"method": "get"
}
]
Whereas
- http:
path: users/create
method: get
translates to
[
{
"http": {
"path": "users/create",
"method": "get"
}
}
]
|
Hey @patoncrispy thank you so much for your hard work! I've just added two comments regarding YAML indentation (sorry for being that pedantic...). I'll pull your PR and test it the upcoming hours. Will report back once I'm ready. Great work 🎉 |
|
@patoncrispy just noticed that it's planned to merge this PR into the We're now working directly on |
| let path; | ||
| let corsEnabled = false; | ||
|
|
||
| const headers = [ |
There was a problem hiding this comment.
Can you move this const headers and the let cors below into the if (!!event.http.cors) section below so that the variables are only created when CORS is enabled?
|
@patoncrispy Just tested it locally. Just added a few more comments. If those are resolved and @flomotlik and @eahefnawy also took a look it's GTM (IMO) once opened for the |
| handler: handler.hello | ||
| events: | ||
| - http: | ||
| path: user/create |
There was a problem hiding this comment.
Same indentation fix here.
|
@pmuens, to create the pull request on |
|
Yes, rebasing this branch on top of the master branch is the cleanest solution IMHO. But I'm not sure if this won't introduce other commits from the history as well (I believe we had a similar issue recently where some PRs needed to be reopenend so that we can get rid of those creeped in commits). Maybe @flomotlik can share his thought about this in short here as he's identified the problem recently. |
|
@patoncrispy @pmuens rebase or merge master into this branch are both fine with me. Rebases and force pushes sometimes lead to issues with Github |
|
@pmuens @flomotlik OK. I've rebased onto latest master and it all seems OK. However, if I push this branch it will update this PR. Should I just close this PR and open a new one? What's the best way to proceed here? Thanks! 😃 |
|
Great @patoncrispy! Yes, the best would be to open up a new one which points to the |
PR for Issue #1596
Status:
In Development
Description:
I've added the origin headers to the methods that require it and the tests pass for those. Still need to add the preflight (OPTIONS) method as required. I was thinking that I should probably set this at the Resource level, as the preflight request needs to be able to assign the allow-methods setting, so will need to have a global view of all the methods that have CORS configurations applied. Feedback VERY welcome at this point! :)
Todos: