Issue with when_no_match passthroughBehavior for @cors preflight integration in openapi definition
#2289
Comments
2 tasks
jfkisafk
added a commit
to jfkisafk/foxbat.model
that referenced
this issue
May 21, 2024
kstich
pushed a commit
that referenced
this issue
May 22, 2024
kstich
pushed a commit
that referenced
this issue
May 22, 2024
…a new flag The new Open API setting is `syncCorsPreflightIntegration`. Added the docs as well. closes #2289
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue
Smithy's @cors trait does not give you access to change the passThroughBehavior and sets the
$options.x-amazon-apigateway-integration.passThroughBehavioras when_no_match for all resource paths in the openapi definition. That means if the site uses CORS and submits an OPTION request withapplication/x-www-form-urlencodedContent-Type, then API Gateway might reject the response with a 500 if the request payload does not happen to be:{"statusCode":200}We won't want to reject with a 415 Unsupported by overriding the passthroughBehavior to
neverthrough jsonSchema injection. That skips calling the actual GET/PUT/.. operation and is a better choice if we need to reject specific Content-Type(s) or provide extra gateway template configurations.Source code: https://github.com/smithy-lang/smithy/blob/main/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsPreflightIntegration.java#L225-L230
Potential Fixes
We can add the
{"statusCode":200}request template for all unique mime-type(s) supported by each operations within a path. That way we won't get inadvertent API Gateway errors with OPTIONS operation and the request can move to GET/PUT/... integration.The text was updated successfully, but these errors were encountered: