Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

defaultMethodOptions should be selectively applied to CORS OPTIONS method

See original GitHub issue

Tl;DR

defaultMethodOptions should exclude options method by default or at least have an option to do that.

LambdaRestApi has defaultMethodOption, when it is specified, it gets applied to all methods for given api resource. which is awesome but doesn’t work when CORS is involved.

Take this simple example, where I want all the methods to require x-api-key api key so I specify

defaultMethodOption: {
  apiKeyRequired: true
}

On top of this I also want CORS to be enabled on all api resources so in LambdaRestApi I also specify this


defaultCorsPreflightOptions : {
  ... cors options 
}

Because of defaultCorsPreflightOptions an additional method will be created for all my resources to support CORS but because defaultMethodOption applies on all methods, options will also have apiKeyRequired , which it shouldn’t.

Environment

CLI Version : 1.38
Framework Version: 1.38
Node.js Version: 12 -->
OS :
Language (Version): TypeScript (3.8.3) -->

This is 🐛 Bug Report

Issue Analytics

State:
Created 3 years ago
Reactions:23
Comments:19 (7 by maintainers)

Top GitHub Comments

12reactions

whimzyLivecommented, Jun 27, 2020

@asterikx until issue is resolved correctly, you can use cdk escape hatches as also suggested by @nija-at.

For my case I did

    const corsMethods = this.apiV1.methods.filter(
      method => method.httpMethod === 'OPTIONS'
    );
    corsMethods.forEach(method => {
      const cfnMethod = method.node.defaultChild as CfnMethod;
      cfnMethod.addPropertyOverride('ApiKeyRequired', false);
      cfnMethod.addPropertyOverride('AuthorizationType', 'NONE');
      cfnMethod.addPropertyDeletionOverride('AuthorizerId');
    });

7reactions

github-actions[bot]commented, Aug 28, 2022

This issue has received a significant amount of attention so we are automatically upgrading its priority. A member of the community will see the re-prioritization and provide an update on the issue.

Top Results From Across the Web

interface CorsOptions · AWS CDK

The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials ...

ASP.NET Core and CORS Gotchas - Rick Strahl's Web Log

It allows the policy to be reused and be applied selectively. Below I use the explicit policy approach. Register and Define a Policy....

CORS, Preflight request and OPTIONS Method

First, you need to be aware of the Same-origin Policy. It is a browser built-in mechanism which restricts how a script on one...

Cross-origin Resource Sharing (CORS)

Configure the CORS Exemption to exempt ORIGIN requests. This will automatically trigger an exemption with OPTIONS as its Valid Method, but it won't...

CORS - API Gateway - 华为云

Method : Select OPTIONS. CORS: Enabled. Select the Mock backend type. Simple Request. When creating an API that will receive simple requests, ...