Aws-sam-cli: sam local does not accept additional quotes in CORS configuration

Created on 28 Aug 2019  路  5Comments  路  Source: aws/aws-sam-cli

Description

According to https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#cors-configuration CORS configuration strings should have an extra pair of quotes like this:

Cors:
  AllowMethods: "'OPTIONS,GET,POST,DELETE'"
  AllowHeaders: "'X-Forwarded-For'"
  AllowOrigin: "'*'"

Running sam local start-api with a template containing the above gives me: Error: The method 'OPTIONS is not a valid CORS method. (notice the dangling quote).

Steps to reproduce

Add the Cors configuration above to an API definition. Run sam local start-api.

Sample template: 

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  HelloApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Cors: 
        AllowOrigin: "'*'"
        AllowMethods: "'OPTIONS,HEAD,GET,PUT,POST'"
        AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: hello-world/
      Handler: app.lambdaHandler
      Runtime: nodejs10.x
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /hello
            Method: get
            RestApiId: 
              Ref: HelloApi

Observed result

$ sam --debug local start-api
Error: The method 'OPTIONS is not a valid CORS method

If I remove the extra singe quotes in AllowMethods, sam local start-api works as expected, but then I cannot deploy the template.

Expected result

Expected a running API with CORS enabled.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS 10.14.6
  2. sam --version: SAM CLI, version 0.21.0
arelocastart-api priorit2-important typbug
Source
picture stalar
👍2 👀1

All 5 comments

Ah, good catch! Looks like we actually test similar to way you reported it. https://github.com/awslabs/aws-sam-cli/blob/develop/tests/integration/testdata/start_api/swagger-template.yaml

sriram-mv picture sriram-mv on 29 Aug 2019

sam --version
SAM CLI, version 0.19.0
on ubuntu18.04
with this template (sorry the formatting goes away under code insert !? but it's properly formatted according emacs yaml mode) I do NOT see the issue (no error with or without single quotes, however the Cors: directive does not take effect (see error at bottom)

Resources:
SGSApi:
Type: AWS::Severless::Api
Properties:
Cors:
AllowMethods: "'*'"
AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'"
AllowOrigin: "'http://localhost:4200'"
PedigreeFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambda-scripts/get-pedigrees.py
Handler: app.lambda_handler
Runtime: python3.7
Events:
FilePairs:
Type: Api
Properties:
Path: /pedigree
Method: GET

_Access to XMLHttpRequest at 'http://localhost:3000/pedigree' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource._

iceback picture iceback on 29 Aug 2019

OK, I just upgraded to v 0.21.0 and bumped into similar issue as OP.
This Cors: element

Globals:
Function:
Timeout: 3
Api:
Cors:
AllowMethods: "'*'"
AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'"
AllowOrigin: "'http://localhost:4200'"

lead to this error msg

sam --debug local start-api
Error: The method '*' is not a valid CORS method

removing the single quotes allows sam to start but I still cannot configure Cors: effectively

sam --debug local start-api
Mounting FilePairsFunction at http://127.0.0.1:3000/file-pairs [GET, OPTIONS]
Mounting PedigreeFunction at http://127.0.0.1:3000/pedigree [GET, OPTIONS]
You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template
2019-08-29 13:29:48 * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit)
2019-08-29 13:30:06 127.0.0.1 - - [29/Aug/2019 13:30:06] "OPTIONS /pedigree HTTP/1.1" 200 -

My template.yaml:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
ppr-app
Template for ppr aws app

More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst

Globals:
Function:
Timeout: 3
Api:
Cors:
AllowMethods: "*"
AllowHeaders: "'OPTIONS,HEAD,GET,PUT,POST'"
AllowOrigin: "'http://localhost:4200'"
Resources:
FilePairsFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambda-scripts/analyze-file-pairs.py
Handler: app.lambda_handler
Runtime: python3.7
Events:
FilePairs:
Type: Api
Properties:
Path: /file-pairs
Method: GET
PedigreeFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambda-scripts/get-pedigrees.py
Handler: app.lambda_handler
Runtime: python3.7
Events:
FilePairs:
Type: Api
Properties:
Path: /pedigree
Method: GET

iceback picture iceback on 29 Aug 2019

Running through the exact issue after upgrading to SAM CLI, version 0.21.0

Getting 

Error: The method 'GET is not a valid CORS method

for CORS configurations:


Globals:
  Api:
    Cors:
      AllowMethods: "'GET,POST,OPTIONS'"
      AllowHeaders: "'content-type'"
      AllowOrigin: "'*'"
      AllowCredentials: "'*'"
me2resh picture me2resh on 1 Sep 2019
👍1

Closing as this was released in v0.22.0

jfuss picture jfuss on 17 Oct 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cvuijst picture cvuijst  路  3Comments
terlar picture terlar  路  3Comments
rhlsthrm picture rhlsthrm  路  4Comments
PhungXuanAnh picture PhungXuanAnh  路  3Comments
zhangzhx picture zhangzhx  路  3Comments