Multi Origin Cors #195
Merged
Multi Origin Cors #195
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vladholubiev
reviewed
Jun 2, 2018
| const origin = handler.event.headers['origin'] || handler.event.headers['Origin'] | ||
| if (options.credentials && options.origin === '*' && origin) { | ||
| return origin | ||
| const incomingOrigin = handler.event.headers['origin'] || handler.event.headers['Origin'] |
There was a problem hiding this comment.
I believe we can omit handler.event.headers['Origin'] as all headers are lower-cased?
There was a problem hiding this comment.
The original code on this branch checks both?
There was a problem hiding this comment.
I think we can change the tests to use lowercase only, is that fine @lmammino ?
dkatavic
suggested changes
Jun 2, 2018
There was a problem hiding this comment.
Great stuff. I just have a small comment about readme file. When that and @vladgolubev comments are addressed, this should be safe to merge
| @@ -45,6 +45,7 @@ npm install --save @middy/http-cors | |||
| ## Options | |||
|
|
|||
| - `origin` (string) (optional): origin to put in the header (default: "`*`") | |||
| - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present. | |||
There was a problem hiding this comment.
can you add this in README.md.hb file and then run npm run build:readme
There was a problem hiding this comment.
I can't find that file or that build target in this branch?
There was a problem hiding this comment.
This file was removed from this branch
|
@dkatavic @vladgolubev if you see how the middlewares in the current 1.0.0 branch are implemented, you'll see we are trying to support the canonical representation as a fallback to the lowercase one. This way, even if the header normalizer middleware is not in use there's a reasonable level of support for other header based middlewares. I think this impementation is ok if we want to progress with this approach. |
ossareh
reviewed
Jun 5, 2018
packages/http-cors/index.d.ts
Outdated
| @@ -2,6 +2,7 @@ import middy from '../core' | |||
|
|
|||
| interface ICorsOptions { | |||
| origin: string; | |||
| origins: string[]; | |||
There was a problem hiding this comment.
this should be optional: origins?: string[] - to match up with the javascript: https://github.com/middyjs/middy/pull/195/files#diff-3f35fefc85b62544f23244fe1407a252R10
The current ICorsOptions interface is incorrect - I have a fix for that about to be submitted to PR - so no need to fix anything other than this one line imho.
There was a problem hiding this comment.
Then let's wait for the other PR to be merged and then we'll get this one updated (if needed) and merged too. What do you think? :)
There was a problem hiding this comment.
If #200 lands, then this won't pass the ci check, if this lands first then #200 will fail because the tests do not look for this value being optional. So I don't think we need to be too strategic around which is merged first :)
I called it out primarily as I noticed it and wanted to let @thejuan know about my impending PR and how it may affect this work.
There was a problem hiding this comment.
yeah, this branch should be rebased off master and then any conflicts and test errors should be fixed.
|
Rebased and made origins optional in typescript definitions |
lmammino
approved these changes
Jun 13, 2018
| @@ -45,6 +45,7 @@ npm install --save @middy/http-cors | |||
| ## Options | |||
|
|
|||
| - `origin` (string) (optional): origin to put in the header (default: "`*`") | |||
| - `origins` (array) (optional): An array of allowed origins. The incoming origin is matched against the list and is returned if present. | |||
There was a problem hiding this comment.
This file was removed from this branch
lmammino
added a commit
that referenced
this pull request
Apr 25, 2020
* Updated codecov and jest to remove security warning on GitHub * Updated circleci to work with lerna * Added README files * Updated CI and readmes * Made lerna publish non interactive * Improved lerna publishing * make packages public * Properly publishing scoped packages as public * Updated version badges * Do not publish packages as next * Ported changes on ssm middleware from 0.x by @tommy5dollar * Http header normaliser to lowercase (#185) * change middleware so the request headers can be lowercase or normalised * Normalize headers to lowercase rather than camelCase * Fix eslint (removed extra semicolon) * Change option for http-header-normalizer from camelCase to canonical * version bump * Renamed cors package to http-cors (#181) * Backport changes to ssm in 0.x by @theburningmonk (#191) * updated AWS SDK and running tests for both node6 and node8 * Multi Origin Cors (#195) * feat: multi origin cors * fix: accounting for header case * updated AWS SDK and running tests for both node6 and node8 * fix: made origins optional in typescript definitions * Merged with current master and version bump * Adds GitHub PR and Issue templates (#206) * Adds GitHub PR and Issue templates * Added todo list and version bumped * Add input output logger middleware (#205) * Add input output logger middleware * JSON stringify logs and wrap into an object * Update unit tests * version bump * Ported changes for making sure that handlers run only once. Closes #175 * Added error-logger middleware * Fixed error logger and unstable tests in core * backported SSM caching fix from 0.16.2 (#225) * backported SSM caching fix from 0.16.2 * Ported http-security-headers middlewares by @willfarrell to 1.x * add secrets-manager middleware (#228) backported SSM caching fix from 0.16.2 * update secrets manager with throwOnFailedCall flag (#236) * Initial work for 1.0.0 with secrets-manager * bump typings * bump package-locks * bump version to 17 * fix package locks * refactor: folder name to package name for http-security-header (#240) * refactor: folder name to package name for http-security-header * version bump * build: add a pre commit hook to run lint checks on all changed files (#242) * build: add a pre commit hook to run lint checks on all changed files * version bump * added FunctionShield middleware * Fix json body parse example (cherry picked from commit c03bdb0) * chore: bump version - Fix json body parse example #254 - Add functionShield middleware link to the main readme #248 * FunctionShield updated to 1.2.2 * Updates S3 event version to allow event versions of 2.x (thanks @kenleytomlin) * Integrated LGTM badge * Added default export to ssm middleware * Added default export to secrets-manager middleware * Allow use() to receive multiple middlewares (#288) * Allow use() to receive multiple middlewares * Updated typings and added a CHANGELOG * Version bump * Made middlewares optional in typings * Updated dependencies * Add community middleware to README (#299) * Add community middleware to README * Version bump and merge with current 1.0.0-alpha * Added http-response-serializer middleware (#304) * Added http-response-serializer middleware * Updated deps * Version bump * add: required properties list (#307) * add: required properties list * version bump * return promise from instance if no callback is present (#314) * return callback from instance if no callback is present * Version bump * port cors error swallow fix (#313) * port cors error swallow fix * added cors error swallow test * cors doc sample fix import * version bump * Make ICorsOptions fields optional (#319) * Make ICorsOptions fields optional * Port #326 (#328) * added test for multiple ssm names with same path * stop inverting userParams object; allow multiple SSM names with same path * remove Object.entries for node 6 support * only fetch duplicated SSM params once * version bump * Support reviver parameter in for http-json-body-parser (#331) * add reviver support for http-json-body-parser * version bump * Updated dependencies * fix: content type request bug in http serializer (#335) * fix: tests not waiting for callbacks * fix: content-type skip using request headers not response headers * version bump and handling Cannot read property headers of undefined * fix: httpErrorHandler minification type checking (#341) * fix: httpErrorHandler minification type checking * version bump * Port waitForEmptyEventLoop in Warmup middlware (#345) to v.1.0.0 branch (#354) * Port waitForEmptyEventLoop in Warmup middlware (#345) to v.1.0.0 branch * version bump * Make greenkeeper ignore updates of aws-sdk to keep parity w/ actual Lambda runtime (#369) * feat: make greenkeeper ignore updates of aws-sdk to keep parity w/ actual Lambda runtime * version bump * Port documentation changes from #371 (#376) * http-cors: expose getOrigin in options (#385) * feat: exposes http-cors getOrigin to options * Version bump * test: make tests succeed via wallaby * feat: normalize multiValueQueryStringParameters property * docs: update readme by multiValueQueryStringParameters property support * chore: increment version in package-lock.json * fix: propagate error when "runOnError" is true in doNotWaitForEmptyEventLoop closes #318 * chore: bump versions * chore: run unit tests on node 10 as well * chore: don't install lerna globally in ci * chore: bump versions * chore: bump versions [ci skip] * chore(commit-hook): fix eslint errors and stage files [ci skip] * chore: bump versions * feat: version bump * chore: update all dev deps to their latest versions * chore: bump versions * chore: run lint as own job on node 10 and tests on different node versions * chore: run test:packages correctly * chore: don't repeat typings-check in each node version * Fix relative imports (#383) * Add @middy/core to devDependencies instead of using relative import * version bump * Rewrite tests to use async/await (fix #270) (#391) * test: add expect.hasAssertions before each test * test: add invoke test helper which promisifies handler * test: rewrite "packages/cache" tests to async/await fixes #270 * test: rewrite "packages/do-not-wait-for-empty-event-loop" tests to async/await fixes #270 * test: rewrite "packages/error-logger" tests to async/await fixes #270 * test: rewrite "packages/function-shield" tests to async/await fixes #270 * test: rewrite "packages/http-content-negotiation" tests to async/await fixes #270 * test: rewrite "packages/http-cors" tests to async/await fixes #270, fixes 2 tests which were incorrect due callbacks * test: rewrite "packages/http-error-handler" tests to async/await fixes #270 * test: rewrite "packages/http-event-normalizer" tests to async/await fixes #270 * test: rewrite "packages/http-header-normalizer" tests to async/await fixes #270 * test: rewrite "packages/http-json-body-parser" tests to async/await fixes #270 * test: rewrite "packages/http-partial-response" tests to async/await fixes #270 * test: rewrite "packages/http-response-serializer" tests to async/await fixes #270 * test: rewrite "packages/http-security-header" tests to async/await fixes #270 * test: rewrite "packages/http-urlencode-body-parser" tests to async/await fixes #270 * test: rewrite "packages/input-output-logger" tests to async/await fixes #270 * test: rewrite "packages/s3-key-normalizer" tests to async/await fixes #270 * test: rewrite "packages/secrets-manager" tests to async/await fixes #270 * test: rewrite "packages/ssm" tests to async/await fixes #270 * test: rewrite "packages/validator" tests to async/await fixes #270 * test: rewrite "packages/warmup" tests to async/await fixes #270 * Changes to fix tests * Using es6-promisify for Node6 * Properly added es6-promise as dev dependency to all packages * importing es6-promisify correctly * One moar attempt :( * Version bump * Fix security with npm audit * eslint and typescript improvements * move @types/aws-lambda to a peerDependency (#412) * move @types/aws-lambda to a peerDependency * version bump * [typings] Make middy.use accept array of middlewares as well (#413) * feat(typings): make middy.use accept array of middlewares * refactor: rename "input" to "middlewares" * chore: version bump * Typo & grammar fixes in README (#416) * Typo & grammar fixes in README * version bump * Context specified in middy constructor should be passed forward to the Middy interface (#427) * Context specified in middy constructor should be passed forward to the Middy interface FIx for 1.0.0-alpha branch * version bump * dbManager middleware @ monorepo (#407) * dbManager middleware @ monorepo * just some whitespaces * downgrade knex for node@6 support * remove typescript from db manager * remove redundant ignores * version bump * Renamed dbManager package to db-manager (#430) * Fixed http-security-header name discrepancy. Fixes #372 (#431) * Fixed http-security-header name discrepancy. Fixes #372 * Version bump * Fix IURLEncodeBodyParserOptions definition (#439) * fix: syntax error, false is not a type * Merge with current 1.0.0-alpha and version bump * urlEncodePathParser (#438) * feat: add in decoder for path parameters * docs: update main readme to include new middleware * docs: fix merge conflict * Version bump and updated typescript definitions * fix: requested changes #438 * ci: deprecate old runtimes (#441) * ci: deprecate old runtimes * version bump * fixed build test deploy pipeline definition * [warmup] add in info about provisioned concurrency (#447) * docs: add in info about provisioned concurrency * version bump * Dependency Performance Improvements (#442) * fix: move dep include out of middleware functions * fix: only include relevent clients * version bump * HttpSecurityHeader Improvements (#443) * feat: add in missing features - Add in X-Permitted-Cross-Domain-Policies - Add in catch for thrown errors Closes #426 #434 * version bump * Port cache middleware chages from #359 to 1.0.0-alpha (#444) * fix: add in missing catch Closes #377 * version bump * version bump * Port httpMultipartBodyParser to v1.0.x (#445) * feat: add in httpMultipartBodyParser Closes #321 * Version bump and other small fixes * readded package-lock * restoring package-lock in every package * feat: add in RDS Auth Token option Closes #428 * fix: mock out RDS sdk * add custom context to 1.0.0 typings (#454) * fix: add custom context to 1.0.0 * version bump Co-authored-by: Luciano Mammino <lucianomammino@gmail.com> * Update dependencies (#456) * fix: remove async due to causing multiple `next()` calls * fix: bring back async without next() * fix: remove unused next * Added update instructions (#457) * Added update instructions * Mandatory emoji * made link to UPDATE relative * Fixes after review * 1.x in upgrade guide * version bump * version 1.0.0-beta * Fix syntax highlighting in Readme * FucntionShield: add warning and bump dep version (#464) * fix: add warning and bump dep version Addresses #460 * Merged current 1.0.0-beta in * version bump Co-authored-by: Luciano Mammino <lucianomammino@gmail.com> * Add in RDS Auth Token option to dbManager (#462) * feat: add in RDS Auth Token option Closes #428 * fix: mock out RDS sdk * fix: remove async due to causing multiple `next()` calls * fix: bring back async without next() * fix: remove unused next * version bump Co-authored-by: Luciano Mammino <lucianomammino@gmail.com> * fix: secretsManager regression * Put required next to validator body (#469) * Put required next to validator body * Version bump Co-authored-by: Luciano Mammino <lucianomammino@gmail.com> * fix: variable clean up * fix: update typescript interface * version bump * ci: fix how RDS service is mocked out * feat: add sqs-batch middleware (#471) * feat: sqs-partial-batch-failure * Add maxAge and cacheControl options to @middy/http-cors (#473) * Add maxAge and cacheControl options to @middy/http-cors * version bump Co-authored-by: Luciano Mammino <lucianomammino@gmail.com> * Fix: Http-response-serializer returns {} when body is falsey (#477) * fix: http response serializer returns {} when body is falsey * Add FAQ item about context.done called twice warning (#481) Co-authored-by: Pedro Resch <pedro@agenciaatom.com.br> [ci skip] * Update index.d.ts (#487) * Update index.d.ts * version bump Co-authored-by: Luciano <lucianomammino@gmail.com> * [feature] sqs json body parser (#491) Added sqs-json-body-parser middleware. Thanks @thematrimix! * Move to GitHub actions and improve release process (#504) * Moves CI to GitHub Actions and improves release process * Version bump and updated dependencies * Updated release workflow * Release triggers on release publish * release workflow named properly * must install dependencies to be able to release -.- * Add middy-mongoose-connector 3rd-party middleware (#496) * update `accept` to `@hapi/accept` (#503) * version bump and updated changelog * Clarifies the behaviour of error handling when using promises as requested in #485 * Updated test name * Run tests also on PRs * Ability to omit fields from logged events and responses in input-output-logger (#507) * adds the ability to omit fields from logged events and responses * Version 1.0.0-beta.11 * Fix import middleware name (#509) Co-authored-by: Miki <1433184+miki79@users.noreply.github.com> Co-authored-by: Adam Mills <adam@chambills.com> Co-authored-by: Kevin Rambaud <kevin.rambaud@gmail.com> Co-authored-by: Yan Cui <theburningmonk@gmail.com> Co-authored-by: Sebastian Domagała <sdomagala@users.noreply.github.com> Co-authored-by: Christian Murphy <christian.murphy.42@gmail.com> Co-authored-by: Yuri Shapira <yuri@puresec.io> Co-authored-by: Rafael Renan Pacheco <rafael.renan.pacheco@gmail.com> Co-authored-by: Vlad Holubiev <golubev.vld@gmail.com> Co-authored-by: Luciano Mammino <lmammino@vectra.ai> Co-authored-by: Daniel Bartholomae <daniel@bartholomae.name> Co-authored-by: Alex DeBrie <alexdebrie1@gmail.com> Co-authored-by: Alex Joyce <im@alex-joyce.com> Co-authored-by: Natan Deitch <natan.luz.deitch@gmail.com> Co-authored-by: Andrej Novikov <jazzaiman@gmail.com> Co-authored-by: Gurarpit Singh <gsingh.ldn@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Co-authored-by: Gary Holland <garyhollandxyz@users.noreply.github.com> Co-authored-by: Roni Frantchi <roni-frantchi@users.noreply.github.com> Co-authored-by: Vlad Holubiev <vladgolubev@users.noreply.github.com> Co-authored-by: Vitalii Sikora <vitalii.sikora@gmail.com> Co-authored-by: Chris Shepherd <chris@chrisshepherd.me> Co-authored-by: Adam Duro <adam@duromedia.com> Co-authored-by: Cathy Casey <16669450+CathyC93@users.noreply.github.com> Co-authored-by: Jakub Chrzanowski <jakub@chrzanowski.info> Co-authored-by: will Farrell <willfarrell@users.noreply.github.com> Co-authored-by: will Farrell <will.farrell@gmail.com> Co-authored-by: Paweł Kowalski <pavelloz@Gmail.com> Co-authored-by: Ali Clark <ali@clark.gb.net> Co-authored-by: Brett Andrews <brett.j.andrews@gmail.com> Co-authored-by: Marcelo Luiz Onhate <onhate@users.noreply.github.com> Co-authored-by: rschpdr <34459903+rschpdr@users.noreply.github.com> Co-authored-by: Mohamed Gamal <Mohamed.abugalala@gmail.com> Co-authored-by: Joshua Vaughn <thematrimix@yahoo.com> Co-authored-by: Bailey Tincher <btincher99@gmail.com> Co-authored-by: Jarrod Davis <developer@jarrodldavis.com> Co-authored-by: J.A.C.C <abdala+github@e.email>
benjifs
pushed a commit
to benjifs/middy
that referenced
this pull request
May 21, 2020
* feat: multi origin cors * fix: accounting for header case * updated AWS SDK and running tests for both node6 and node8 * fix: made origins optional in typescript definitions * Merged with current master and version bump
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Forward port of feature