Cors error from SAM template and Auth enabled. #3493

Closed
david-mateogit opened this issue Jan 4, 2024 · 3 comments
Labels
stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at.

Comments

@david-mateogit

Hello.
Is there a definitive guide on how to set up SAM with Cognito auth and CORS?
I've tried multiple solutions and none have worked yet.
Template:

```yaml
Globals:
  Function:
    Runtime: nodejs18.x
    Architectures:
      - x86_64
  Api:
    Cors:
      AllowOrigin: "'*'"
      AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,Access-Control-Allow-Origin'"
      AllowMethods: "'POST,GET,OPTIONS'"

Resources:
  TESTAPI:
    Type: AWS::Serverless::Api
    Properties:
      Name: SIMPLEAPP
      StageName: DEV
      GatewayResponses:
        UNAUTHORIZED:
          StatusCode: 401
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
        ACCESS_DENIED:
          StatusCode: 403
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
        DEFAULT_5XX:
          StatusCode: 500
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
        RESOURCE_NOT_FOUND:
          StatusCode: 404
          ResponseParameters:
            Headers:
              Access-Control-Allow-Origin: "'*'"
      Cors:
        AllowOrigin: "'*'"
        AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,Access-Control-Allow-Origin'"
        AllowMethods: "'POST,GET,OPTIONS'"
      Auth:
        Authorizers:
          AuthAll:
            FunctionArn: !GetAtt AUTHALL.Arn
            Identity:
              Header: Authorization
```

This is the Cognito lambda:

```yaml
  AUTHALL:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./
      Handler: AuthAccess.handler
      FunctionName: AuthAccess
      Policies:
        - AmazonCognitoPowerUser
```

This is the test lambda:

```yaml
  HelloLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambdas/hello/
      Handler: hello.handler
      FunctionName: hello
      Policies:
        - AmazonDynamoDBFullAccess
      Events:
        Hello:
          Type: Api
          Properties:
            RestApiId: !Ref TESTAPI
            Path: /hello
            Method: POST
            Auth:
              Authorizer: AuthAll
```

Lambda code:

```javascript
// Integration handler for POST /hello (Lambda proxy integration).
export const handler = async (event) => {
  return {
    statusCode: 200,
    headers: {
      // Header names are case-insensitive, so the lowercase "headers" here is harmless.
      "Access-Control-Allow-headers":
        "Content-Type,X-Amz-Date,Authorization,X-Api-Key,Access-Control-Allow-Origin",
      "Content-Type": "application/json",
      "Access-Control-Allow-Origin": "*",
      // Note: browsers ignore Allow-Credentials when Allow-Origin is the wildcard "*".
      "Access-Control-Allow-Credentials": true,
      "Access-Control-Allow-Methods": "OPTIONS,POST,GET",
    },
    body: JSON.stringify({ message: "Hello from lambda", event }),
  };
};
```

And on the Auth lambda I'm returning the headers in the policy, trying to fix it; I have done it with and without that.

```javascript
// Builds the Lambda authorizer output. The `response` block below is the
// extra part that was being tried; it is not part of the authorizer output
// format (see the resolution further down in this thread).
const generatePolicy = (principalId, effect, resource) => {
  const policy = {
    principalId: principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [
        {
          Action: "execute-api:Invoke",
          Effect: effect,
          Resource: resource,
        },
      ],
    },
    response: {
      headers: {
        "Access-Control-Allow-headers":
          "Content-Type,X-Amz-Date,Authorization,X-Api-Key,Access-Control-Allow-Origin",
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Credentials": true,
        "Access-Control-Allow-Methods": "OPTIONS,POST,GET",
      },
    },
  };
  return policy;
};
```

Is there anything I'm missing that I should be doing when using CORS with Lambda Cognito auth?
The endpoint works correctly when I disable Auth.
On the API Gateway console I can confirm the POST method has the authorizer attached and the OPTIONS method says NONE.

Open to suggestions.
Thanks.
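As an added example (not the issue author's code and not part of the SAM project), here is the shape the thread converges on: the authorizer returns only `principalId` and `policyDocument` (no `response.headers`), CORS headers are set by the integration Lambda (and by the API's `GatewayResponses` for 401/403 when the authorizer rejects), and the wildcard origin is replaced by an explicit allow-list so that `Access-Control-Allow-Credentials` is actually honoured. The allow-list values, the `verifyToken` placeholder and the handler names are assumptions; a real authorizer would verify the Cognito JWT there.

```javascript
// Added example, not the issue author's code. Constructed inputs throughout;
// verifyToken is a placeholder for real Cognito JWT verification.

// Assumption: an explicit origin allow-list (constructed values). Browsers
// refuse credentialed responses whose Access-Control-Allow-Origin is "*",
// so an allowed origin is echoed back instead of the wildcard.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:3000",
]);

// Build the CORS headers for one response from the request's Origin header.
// Unknown origins get no Allow-Origin header at all, so the browser blocks them.
function corsHeaders(origin) {
  const headers = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Headers":
      "Content-Type,X-Amz-Date,Authorization,X-Api-Key",
    "Access-Control-Allow-Methods": "OPTIONS,POST,GET",
  };
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true"; // header values as strings
    headers["Vary"] = "Origin"; // caches must not reuse one origin's answer for another
  }
  return headers;
}

// Authorizer output: exactly what API Gateway expects, nothing else.
function generatePolicy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }],
    },
    // Optional: values the integration can read from
    // event.requestContext.authorizer.<key>
    context: { principalId },
  };
}

// Placeholder (assumption): a real implementation verifies the Cognito JWT
// signature, issuer, audience and expiry here.
function verifyToken(token) {
  return token === "valid-token" ? { sub: "user-123" } : null; // constructed
}

// Handles both authorizer types SAM can generate: a TOKEN authorizer receives
// event.authorizationToken, a REQUEST authorizer receives event.headers.
function extractToken(event) {
  const raw =
    event.authorizationToken ??
    event.headers?.Authorization ??
    event.headers?.authorization ??
    "";
  return raw.startsWith("Bearer ") ? raw.slice("Bearer ".length) : raw;
}

function authorizerHandler(event) {
  const claims = verifyToken(extractToken(event));
  if (!claims) {
    // Throwing "Unauthorized" makes API Gateway answer 401 through the
    // UNAUTHORIZED GatewayResponse, which is where that response's CORS header lives.
    throw new Error("Unauthorized");
  }
  return generatePolicy(claims.sub, "Allow", event.methodArn);
}

function helloHandler(event) {
  const origin = event.headers?.Origin ?? event.headers?.origin;
  return {
    statusCode: 200,
    headers: corsHeaders(origin),
    body: JSON.stringify({ message: "Hello from lambda" }),
  };
}
```

Each function would be exported as the `handler` of its own module (`export const handler = authorizerHandler;` in the authorizer file, likewise for `helloHandler`). With the authorizer configured as the API's `DefaultAuthorizer`, as suggested in the reply, the OPTIONS preflight stays unauthenticated and only the real methods hit `authorizerHandler`.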

@david-mateogit david-mateogit added the stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. label Jan 4, 2024
@xazhao
Contributor

xazhao commented Jan 4, 2024

Hello @david-mateogit, can you try using the property DefaultAuthorizer? Here is a short example of using Cors and Lambda Auth.

@david-mateogit
Author

Sorry.
It seems the issue was in my auth lambda.
Also, for posterity: the policy object should not contain response headers.

Contributor

github-actions bot commented Jan 4, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
