
[apigateway] Configured responseHeaders in apigateway.GatewayResponse doesn't work as documented and has no effect


Configured responseHeaders in apigateway.GatewayResponse doesn’t work as documented and has no effect.

The documentation I refer to is this one: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response

Reproduction Steps

I adopted the documented example the following way:

    this.apiGateway.addGatewayResponse('auth-denied-response', {
      type: ResponseType.UNAUTHORIZED,
      statusCode: '403',
      templates: {
        'application/json': '{ "message": "Forbidden!" }',
      },
      responseHeaders: {
        'Access-Control-Allow-Origin': "*",
        'test-key': "test-value",
      },
    });

a cdk deploy results in the following exception:

Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: test-value] (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 697f6eb4-6c79-490f-b1e6-0ebf566bd578; Proxy: null)

I am able to bypass the exception by surrounding the header values with additional single quotes:

      responseHeaders: {
        'Access-Control-Allow-Origin': "'*'",
        'test-key': "'test-value'",
      },

Thus, the deployment is going to be successful, but the two configured responseHeaders don’t appear in the response:

curl -i 'https://xxx.execute-api.eu-central-1.amazonaws.com/prod/books' \
  -X 'POST' \
  -H 'authority: xxx.execute-api.eu-central-1.amazonaws.com' \
  -H 'accept: */*' \
  -H 'access-control-request-method: POST' \
  -H 'access-control-request-headers: authorization,content-type' \
  -H 'origin: http://localhost:1234' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: http://localhost:1234/' \
  -H 'accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
  --compressed
HTTP/2 403
date: Thu, 05 Nov 2020 09:34:45 GMT
content-type: application/json
content-length: 27
x-amzn-requestid: abcd
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: efghi=
x-amzn-trace-id: Root=jklmn

{ "message": "Forbidden!" }

What did you expect to happen?

I want to enable CORS for error responses.

What actually happened?

see reproduction steps above ☝️

Environment

  • CLI Version : aws-cli/1.18.160 Python/3.8.5 Darwin/18.7.0 botocore/1.19.0
  • Framework Version: 1.70.0
  • Node.js Version: v13.12.0
  • OS : macOS 10.14.6
  • Language (Version): TypeScript (4.0.3)

Other


This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:4
  • Comments:11 (3 by maintainers)

Top GitHub Comments

17 reactions
anttispitkanen commented, Mar 15, 2021

@tmsimont if it helps, here’s how I got it working

/**
 * Gateway response
 *
 * IF the lambda authorizer returns fail, especially when the token has expired,
 * there might by default be a CORS error instead of a 403 Forbidden, preventing
 * the frontends from doing automatic redirect to login.
 *
 * To avoid that we configure a custom gateway response with CORS enabled for all
 * origins.
 */
apiGateway.addGatewayResponse('GatewayResponse', {
  type: ResponseType.ACCESS_DENIED,
  statusCode: '403',
  responseHeaders: {
    // Note the quoting around the header value:
    // https://blog.ilearnaws.com/2020/05/27/error-unable-to-put-integration-response-on-options-for-resource-at-path/
    'Access-Control-Allow-Origin': "'*'", // <--- SEE THIS LINE
  },
});
11 reactions
tmsimont commented, Mar 17, 2021

Thanks, that helps. It seems that value is a special format called a “mapping expression” that is documented here: https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html

It’s super annoying that they fail to mention that, and also provide an invalid example on this document: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response

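The issue's reproduction and the two comments above come down to one rule: API Gateway reads every responseHeaders value as a parameter mapping expression, so a literal header value has to be wrapped in single quotes ("'*'"), while a dynamic value must name a request or context source such as method.request.header.Origin, stageVariables.allowedOrigin or context.requestId. The helper below is an added example, not code from the CDK project or from either commenter; it builds the responseHeaders map for addGatewayResponse() so that a bare value like "test-value" is rejected locally instead of at cdk deploy. The function names, the narrow character sets accepted for source names and header names, and the refusal to escape embedded single quotes are this example's own assumptions. The CDK import is left out so the file runs without the library; the CloudFormation key prefix gatewayresponse.header.<Name> is what the AWS::ApiGateway::GatewayResponse ResponseParameters property expects.

```typescript
// Added example (not from the CDK project or the issue authors): produce valid
// API Gateway mapping expressions for gateway-response headers.

type HeaderValue =
  | { static: string }   // literal header value, e.g. "*"  -> emitted as "'*'"
  | { ref: string };     // dynamic source, e.g. "method.request.header.Origin"

// Dynamic sources accepted for gateway-response header mappings. The allowed
// name characters are an assumption of this example, kept deliberately narrow.
const DYNAMIC_SOURCE =
  /^(method\.request\.(header|querystring|path)\.[A-Za-z0-9_-]+|stageVariables\.[A-Za-z0-9_]+|context\.[A-Za-z0-9_.]+)$/;

// A static value is a string wrapped in single quotes with no quote inside.
function isQuotedStatic(value: string): boolean {
  return value.length >= 2
    && value.charAt(0) === "'"
    && value.charAt(value.length - 1) === "'"
    && value.slice(1, -1).indexOf("'") === -1;
}

// True when a string already has a shape API Gateway accepts; "test-value"
// from the issue is neither quoted nor a known source, so it returns false.
function isMappingExpression(value: string): boolean {
  return isQuotedStatic(value) || DYNAMIC_SOURCE.test(value);
}

function toMappingExpression(v: HeaderValue): string {
  if ('static' in v) {
    // Escaping an embedded single quote is not attempted here; reject instead.
    if (v.static.indexOf("'") !== -1) {
      throw new Error(`static header value must not contain a single quote: ${v.static}`);
    }
    return `'${v.static}'`;
  }
  if (!DYNAMIC_SOURCE.test(v.ref)) {
    throw new Error(`not a supported mapping source: ${v.ref}`);
  }
  return v.ref;
}

// Builds the object to pass as `responseHeaders` to addGatewayResponse().
function gatewayResponseHeaders(headers: { [name: string]: HeaderValue }): { [name: string]: string } {
  const out: { [name: string]: string } = {};
  for (const name in headers) {
    if (!Object.prototype.hasOwnProperty.call(headers, name)) continue;
    if (!/^[A-Za-z0-9-]+$/.test(name)) throw new Error(`invalid header name: ${name}`);
    out[name] = toMappingExpression(headers[name]);
  }
  return out;
}

// What the AWS::ApiGateway::GatewayResponse resource finally receives: the same
// values keyed as gatewayresponse.header.<Name>. Handy for checking `cdk synth`.
function toResponseParameters(headers: { [name: string]: string }): { [key: string]: string } {
  const out: { [key: string]: string } = {};
  for (const name in headers) {
    if (!Object.prototype.hasOwnProperty.call(headers, name)) continue;
    const value = headers[name];
    if (!isMappingExpression(value)) throw new Error(`invalid mapping expression: ${value}`);
    out[`gatewayresponse.header.${name}`] = value;
  }
  return out;
}

// Usage with the CDK (the import of ResponseType / the RestApi is omitted here):
//
//   api.addGatewayResponse('auth-denied-response', {
//     type: ResponseType.UNAUTHORIZED,
//     statusCode: '403',
//     templates: { 'application/json': '{ "message": "Forbidden!" }' },
//     responseHeaders: gatewayResponseHeaders({
//       'Access-Control-Allow-Origin': { static: '*' },
//       'test-key': { static: 'test-value' },
//     }),
//   });
```

Two practical caveats when this is used for CORS on error responses: a wildcard "'*'" cannot be combined with Access-Control-Allow-Credentials: true, and reflecting the caller's origin through { ref: 'method.request.header.Origin' } grants every origin access just as the wildcard does, so only do it when that is the intended policy.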
