Fix CORS preflight errors due to unknown content-types #30984
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Set
passthroughBehavior
behavior toNEVER
to prevent errors for CORS preflight requests with content-types other thanapplication/json
.Issue # (if applicable)
This was reported as #18297, but it was closed without a fix.
Reason for this change
Using
addCorsPreflight()
will add a mock integration forOPTIONS
requests and maps them to content-typeapplication/json
. However,OPTIONS
requests with a content-type header other thanapplication/json
lead to HTTP 500 Internal Server Errors.Description of changes
Setting the
passthroughBehavior
toNEVER
returns a mime type error instead of a internal server error, which is the appropriate response.It should be noted that this config was proposed in the initial implementation of
addCorsPreflight()
in #906 already. However, it looks like it didn't make it into the CDK. Instead the default configuration is use, which sets it toWHEN_NO_MATCH
.Description of how you validated changes
I tested the change by manually overriding the
passthroughBehavior
on theLambdaRestApi
resource:Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license