Aws-sam-cli: Global AllowCredentials is not working with localhost / local server

Created on 28 Nov 2019 · 8Comments · Source: aws/aws-sam-cli

Globals:
  Api:
    Cors:
      AllowOrigin: "'http://localhost:9000'"
      AllowCredentials: "'true'"
      AllowMethods: "'GET,POST'"
      AllowHeaders: "'*'"

I have seen this: https://github.com/awslabs/serverless-application-model/issues/1166

But AllowCredentials is definitely not working for either true, "true" or "'true'". Since this is a very important setting, not sure why no one is raising this up.

All other cors settings work without problem, just AllowCredentials.

arelocastart-api

Source

dz902

👍4

Most helpful comment

@dz902 I hadn't noticed it was reverted. I reached out on the revert pull request (#1664) to see why.

CGreenburg on 16 Apr 2020

👍2

All 8 comments

Just found that the same template is working when deployed to AWS, just not working locally. Very strange. Does that have anything to do with the local server?

dz902 on 28 Nov 2019

Just found it's something missing from the server: https://github.com/pallets/werkzeug/issues/131

Anything we can do to enable credentials to test locally?

dz902 on 28 Nov 2019

I'm also running into this issue. I set cookies in my API but the cookies won't persist in the browser since the Access-Control-Allow-Credentials header doesn't return true from the OPTIONS request. I think this is necessary to have.

CGreenburg on 8 Dec 2019

WIP PR #1648 is approved. We need someone to complete unit and integration tests for the change before it can be released

sanathkr on 9 Dec 2019

Just wanted to follow up here and see if anyone has a workaround for this. Currently running aws-sam-cli v0.40.0 and can't get the AllowCredentials: true header to be provided in the response no matter what I try.