[apigateway] Configured responseHeaders in apigateway.GatewayResponse doesn't work as documented and has no effect
See original GitHub issueConfigured responseHeaders
in apigateway.GatewayResponse
doesn’t work as documented and have no effect.
The documentation I refer to is this one: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response
Reproduction Steps
I adopted the documented example the following way:
this.apiGateway.addGatewayResponse('auth-denied-response', {
type: ResponseType.UNAUTHORIZED,
statusCode: '403',
templates: {
'application/json': '{ "message": "Forbidden!" }',
},
responseHeaders: {
'Access-Control-Allow-Origin': "*",
'test-key': "test-value",
},
});
a cdk deploy
results in the following exception:
Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: test-value] (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 697f6eb4-6c79-490f-b1e6-0ebf566bd578; Proxy: null)
I am able to bypass the exception by surrounding values the header values with additional single-quotes:
responseHeaders: {
'Access-Control-Allow-Origin': "'*'",
'test-key': "'test-value'",
},
Thus, the deployment is going to be successful, but the two configured responseHeaders
doesn’t appear in the response:
curl -i 'https://xxx.execute-api.eu-central-1.amazonaws.com/prod/books' \
-X 'POST' \
-H 'authority: xxx.execute-api.eu-central-1.amazonaws.com' \
-H 'accept: */*' \
-H 'access-control-request-method: POST' \
-H 'access-control-request-headers: authorization,content-type' \
-H 'origin: http://localhost:1234' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: cross-site' \
-H 'sec-fetch-dest: empty' \
-H 'referer: http://localhost:1234/' \
-H 'accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
--compressed
HTTP/2 403
date: Thu, 05 Nov 2020 09:34:45 GMT
content-type: application/json
content-length: 27
x-amzn-requestid: abcd
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: efghi=
x-amzn-trace-id: Root=jklmn
{ "message": "Forbidden!" }%
What did you expect to happen?
I want to enable CORS for error responses.
What actually happened?
see reproduction steps above ☝️
Environment
- CLI Version : aws-cli/1.18.160 Python/3.8.5 Darwin/18.7.0 botocore/1.19.0
- Framework Version: 1.70.0
- Node.js Version: v13.12.0
- OS : macOS 10.14.6
- Language (Version): TypeScript (4.0.3)
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:11 (3 by maintainers)
Top Results From Across the Web
Gateway responses in API Gateway - AWS Documentation
The response consists of an HTTP status code, a set of additional headers that are specified by parameter mappings, and a payload that...
Read more >Using Amazon Lambda with Amazon API Gateway
API Gateway provides tools for creating and documenting web APIs that route HTTP requests to Lambda functions. You can secure access to your...
Read more >Configuring AWS API Gateway | Crosswalk - Pulumi
Implement standard HTTP methods such as GET , POST , PUT , PATCH , and DELETE . Each API Gateway instance defines a...
Read more >REST API (API Gateway v1) - Serverless Framework
and allows you to configure your response (headers, status code, body) in the code of your AWS Lambda Function. Whereas, the lambda method...
Read more >The Complete Guide to Custom Authorizers with AWS ...
If your custom authorizer is fronting a single API Gateway resource or you are not caching your authorizer responses, the resource you specify ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@tmsimont if it helps, here’s how I got it working
Thanks, that helps. It seems that value is a special format called a “mapping expression” that is documented here: https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html
It’s super annoying that they fail to mention that, and also provide an invalid example on this document: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response