powertools-lambda-python Bug: ALB with multiValueHeaders will not return correct CORS headers in OPTIONS preflight

Bug: ALB with multiValueHeaders will not return correct CORS headers in OPTIONS preflight

Open Wurstnase opened this issue 9 months ago • 0 comments

Expected Behaviour

An OPTIONS preflight should return all "Access-Control-*" headers.

Current Behaviour

https://github.com/aws-powertools/powertools-lambda-python/blob/87d580af0dfaa8007d4e6f6318eef09a3dad206d/aws_lambda_powertools/event_handler/api_gateway.py#L2132

will only fetch "headers" from the event. This will return None in an ALBEvent with multiValueHeaders enabled.

Code snippet

cors = CORSConfig(
    allow_origin="*",
    allow_credentials=True,
)

app = ALBResolver(cors=cors)

Possible Solution

_origin_header = self.current_event.resolved_headers_field.get("origin")  # case insensitive?!?
_origin = _origin_header if isinstance(_origin_header, str) else _origin_header.pop(None)
headers.update(self._cors.to_dict(_origin))

Steps to Reproduce

curl -X OPTIONS https://xxx.amazonaws.com -H "origin: http://example.com"

... snip
< HTTP/2 204
< server: awselb/2.0
< date: Tue, 14 May 2024 09:06:13 GMT
< access-control-allow-methods: CONNECT,DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.12

Packaging format used

Lambda Layers

Debugging logs

No response

May 14 '24 10:05 Wurstnase

powertools-lambda-python powertools-lambda-python copied to clipboard

Bug: ALB with multiValueHeaders will not return correct CORS headers in OPTIONS preflight

Expected Behaviour

Current Behaviour

Code snippet

Possible Solution

Steps to Reproduce

Powertools for AWS Lambda (Python) version

AWS Lambda function runtime

Packaging format used

Debugging logs

powertools-lambda-python
powertools-lambda-python copied to clipboard