fix(event_handler): CORS Origin for ALBResolver multi-headers

[leandrodamascena]

Issue number: #4327

Summary

Changes

AWS offers various integration options for Lambda, such as ALB, REST API, HTTP API, Lambda URL, and others. These integrations have different payloads, and when working with ALB and multi-headers, we were unable to add CORS as it only considered a header single value.

With this fix, we can now work with both single and multi-header scenarios without any issues. Additionally, the fix looks for Origin/origin header in both single-value and multi-value headers, providing a more comprehensive and robust solution for handling different types of request headers.

User experience

There is no change in the user experience, this is a bug.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.26%. Comparing base (e14e768) to head (d5b82bb).
Report is 477 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #4385      +/-   ##
===========================================
- Coverage    96.38%   96.26%   -0.12%     
===========================================
  Files          214      218       +4     
  Lines        10030    10449     +419     
  Branches      1846     1861      +15     
===========================================
+ Hits          9667    10059     +392     
- Misses         259      273      +14     
- Partials       104      117      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[heitorlessa]

Hey @leandrodamascena thanks for the fix ;)

When you've got time could you update the PR body to explain what the actual fix is?

[Wurstnase]

Many thanks. I will take a look into the fix.

[heitorlessa]

Two quick changes as I head to the airport.

1. Use our internality utility function to get case insensitive headers

2. Revisit origin headers extraction logic placement

[leandrodamascena]

Just an update: E2E tests are green.

[leandrodamascena]

E2E tests are green

[heitorlessa]

Tiny change to remove unnecessary branching (if I understood it right)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[pseudochaos]

Hi guys! Your changelog indicates that this issue was resolved in the release 2.39.0. However, the fix is not present in 2.39.0 or in 2.39.1. Can you clarify when we can expect it?

[leandrodamascena]

Hi guys! Your changelog indicates that this issue was resolved in the release 2.39.0. However, the fix is not present in 2.39.0 or in 2.39.1. Can you clarify when we can expect it?

Hello @pseudochaos! I see this fix in version 2.39.0, but do you mean it's not working as expected? Can you give more details about this please?

[pseudochaos]

Hi guys! Your changelog indicates that this issue was resolved in the release 2.39.0. However, the fix is not present in 2.39.0 or in 2.39.1. Can you clarify when we can expect it?

Hello @pseudochaos! I see this fix in version 2.39.0, but do you mean it's not working as expected? Can you give more details about this please?

Hi @leandrodamascena! Yes, it's not working as expected or as it was working in 1.x. After upgrading from 1.31.1 to 2.39.1 I stopped receiving the Access-Control-Allow-Origin: * header. My code looks like this:

app = APIGatewayRestResolver(strip_prefixes=['/foo'], cors=CORSConfig())

and this is how I specify the dependency - aws-lambda-powertools[tracer]==2.39.1.
To temporarily workaround the issue, I had to explicitly return a Response object with the header like this:

return Response(headers={'Access-Control-Allow-Origin': '*'}, body=...)

[leandrodamascena]

Yes, it's not working as expected or as it was working in 1.x. After upgrading from 1.31.1 to 2.39.1

Just to make sure I understand the point here: you are migrating from Porwertools v1 to v2, correct?

I'm opening an issue on your behalf and we can discuss more there. It might be interesting if you provide some code snippet and the result you expect from it.

[leandrodamascena]

@pseudochaos can you please add more information in this issue?

#4589