Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[apigateway] Configured responseHeaders in apigateway.GatewayResponse doesn't work as documented and has no effect
See original GitHub issueConfigured responseHeaders in apigateway.GatewayResponse doesn’t work as documented and have no effect.
The documentation I refer to is this one: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response
Reproduction Steps
I adopted the documented example the following way:
this.apiGateway.addGatewayResponse('auth-denied-response', {
type: ResponseType.UNAUTHORIZED,
statusCode: '403',
templates: {
'application/json': '{ "message": "Forbidden!" }',
},
responseHeaders: {
'Access-Control-Allow-Origin': "*",
'test-key': "test-value",
},
});
a cdk deploy results in the following exception:
Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: test-value] (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 697f6eb4-6c79-490f-b1e6-0ebf566bd578; Proxy: null)
I am able to bypass the exception by surrounding values the header values with additional single-quotes:
responseHeaders: {
'Access-Control-Allow-Origin': "'*'",
'test-key': "'test-value'",
},
Thus, the deployment is going to be successful, but the two configured responseHeaders doesn’t appear in the response:
curl -i 'https://xxx.execute-api.eu-central-1.amazonaws.com/prod/books' \
-X 'POST' \
-H 'authority: xxx.execute-api.eu-central-1.amazonaws.com' \
-H 'accept: */*' \
-H 'access-control-request-method: POST' \
-H 'access-control-request-headers: authorization,content-type' \
-H 'origin: http://localhost:1234' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: cross-site' \
-H 'sec-fetch-dest: empty' \
-H 'referer: http://localhost:1234/' \
-H 'accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7' \
--compressed
HTTP/2 403
date: Thu, 05 Nov 2020 09:34:45 GMT
content-type: application/json
content-length: 27
x-amzn-requestid: abcd
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: efghi=
x-amzn-trace-id: Root=jklmn
{ "message": "Forbidden!" }%
What did you expect to happen?
I want to enable CORS for error responses.
What actually happened?
see reproduction steps above ☝️
Environment
- CLI Version : aws-cli/1.18.160 Python/3.8.5 Darwin/18.7.0 botocore/1.19.0
- Framework Version: 1.70.0
- Node.js Version: v13.12.0
- OS : macOS 10.14.6
- Language (Version): TypeScript (4.0.3)
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:11 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@tmsimont if it helps, here’s how I got it working
Thanks, that helps. It seems that value is a special format called a “mapping expression” that is documented here: https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html
It’s super annoying that they fail to mention that, and also provide an invalid example on this document: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#gateway-response