mangum icon indicating copy to clipboard operation
mangum copied to clipboard

Published 20 hours ago verified publisher icon jordaneremieff

Overwriting read-only Lambda@Edge headers

Open UnderSampled opened this issue 2 years ago • 3 comments

Hooking up a Mangum lambda to CloudFront as EventType: origin-request returns a 502 response: "The Lambda function result failed validation: The function tried to add, delete, or change a read-only header."

According to the documentation, the Content-Length Header is one of the read-only headers for origin-request events. Not quite sure why. But it's certainly one of the headers returned when calling the lambda. I use the lambda to handle API requests, so it needs IncludeBody, which is only available with origin-request.

I was able to get around this by hijacking the response:

def handler(event, context):
    response = Mangum(app, lifespan="off")(event, context)
    if 'headers' in response:
        response['headers'].pop('content-length')
    return response

UnderSampled avatar May 05 '22 23:05 UnderSampled

Thanks @UnderSampled for the report and example workaround. I won't be able to look into it myself at this time, but I would be willing to review and merge any PRs to address these rules in the handler itself.

jordaneremieff avatar May 10 '22 12:05 jordaneremieff

Duplicate of: https://github.com/jordaneremieff/mangum/issues/143

khamaileon avatar Oct 10 '22 22:10 khamaileon

Including Content-Length in the exclude_headers parameter fixes this:

handler = Mangum(
    app,
    # Content-Length header is not allowed in Lambda@Edge responses.
    exclude_headers=["Content-Length"],
)

exclude_headers was introduced in #280.

eidorb avatar Apr 11 '23 02:04 eidorb