set "Access-Control-Allow-Headers": "Test-Request" instead of "*"

Author: manwaring

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html)
 
+## [4.4.1]  (2020-11-25)
+
+### Changed
+
+- Set `'Access-Control-Allow-Headers': 'Test-Request'` for support of the test-request header when `cors=true` is specified in API responses
+
 ## [4.4.0]  (2020-11-24)
 
 ### Changed
@@ -336,6 +342,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/),
 - Update older libraries
 - Now publish from Git tags instead of master pushes
 
+[4.4.1]: https://github.com/manwaring/lambda-wrapper/compare/v4.4.0...v4.4.1
 [4.4.0]: https://github.com/manwaring/lambda-wrapper/compare/v4.3.0...v4.4.0
 [4.3.0]: https://github.com/manwaring/lambda-wrapper/compare/v4.2.0...v4.3.0
 [4.2.0]: https://github.com/manwaring/lambda-wrapper/compare/v4.1.1...v4.2.0

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "@manwaring/lambda-wrapper",
   "description": "A lambda handler wrapper to abstract common functionality and provide useful defaults",
-  "version": "4.4.0",
+  "version": "4.4.1",
   "scripts": {
     "publish-please-dry-run": "publish-please --dry-run",
     "publish-please": "publish-please",

package.json

@@ -11,7 +11,7 @@ describe("API responses", () => {
       body: JSON.stringify("success"),
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -24,7 +24,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
       },
       statusCode: 200,
@@ -49,7 +49,7 @@ describe("API responses", () => {
       body,
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "image/svg+xml",
       },
@@ -80,7 +80,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -96,7 +96,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
         Custom: "header",
@@ -111,7 +111,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
       },
       statusCode: 500,
@@ -123,7 +123,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -138,7 +138,7 @@ describe("API responses", () => {
       body: JSON.stringify("invalid"),
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -151,7 +151,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
       },
       statusCode: 400,
@@ -163,7 +163,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
       },
       statusCode: 418,
@@ -176,7 +176,7 @@ describe("API responses", () => {
       body: JSON.stringify("not found"),
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -189,7 +189,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
       },
       statusCode: 401,
@@ -202,7 +202,7 @@ describe("API responses", () => {
       body: JSON.stringify("not found"),
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         "Content-Type": "application/json",
       },
@@ -215,7 +215,7 @@ describe("API responses", () => {
     expect(response).toEqual({
       headers: {
         "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
+        "Access-Control-Allow-Headers": "Test-Request",
         "Access-Control-Allow-Credentials": true,
         Location: "url",
       },

src/api/shared/responses.test.ts

@@ -3,7 +3,7 @@ import { Metrics, logger } from "../../common";
 const CORS_HEADERS = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Credentials": true,
-  "Access-Control-Allow-Headers": "*",
+  "Access-Control-Allow-Headers": "Test-Request",
 };
 
 const metrics = new Metrics("API Gateway");

src/api/shared/responses.ts

@@ -1,8 +1,8 @@
-import { parse } from 'querystring';
-import { HttpApiEvent } from './payload';
-import { Metrics, logger } from '../../common';
+import { parse } from "querystring";
+import { HttpApiEvent } from "./payload";
+import { Metrics, logger } from "../../common";
 
-const metrics = new Metrics('API Gateway');
+const metrics = new Metrics("API Gateway");
 
 export class Request {
   constructor(private event: HttpApiEvent) {}
@@ -25,7 +25,7 @@ export class Request {
     const auth = this.getAuth();
     const headers = event.headers || undefined;
     const body = new Body(event.body, headers).getParsedBody();
-    const TEST_REQUEST_HEADER = process.env.TEST_REQUEST_HEADER || 'Test-Request';
+    const TEST_REQUEST_HEADER = process.env.TEST_REQUEST_HEADER || "Test-Request";
     const testRequest = headers && headers[TEST_REQUEST_HEADER] ? JSON.parse(headers[TEST_REQUEST_HEADER]) : false;
     const parsed = { body, path, rawPath, query, rawQueryString, auth, headers, testRequest };
     metrics.common(parsed, event);
@@ -51,11 +51,11 @@ export class Body {
         } else if (this.isJSON(contentType)) {
           parsedBody = JSON.parse(this.body);
         } else {
-          logger.error('Content-Type header not found, attempting to parse as JSON');
+          logger.error("Content-Type header not found, attempting to parse as JSON");
           parsedBody = JSON.parse(this.body);
         }
       } catch (err) {
-        logger.error('Error parsing body, returning as-is', err, this.body);
+        logger.error("Error parsing body, returning as-is", err, this.body);
         parsedBody = this.body;
       }
     }
@@ -64,15 +64,15 @@ export class Body {
 
   private getContentType(): string {
     return (
-      this.headers && (this.headers['Content-Type'] || this.headers['CONTENT-TYPE'] || this.headers['content-type'])
+      this.headers && (this.headers["Content-Type"] || this.headers["CONTENT-TYPE"] || this.headers["content-type"])
     );
   }
 
   private isFormUrlEncoded(contentType?: string): boolean {
-    return contentType?.toUpperCase().includes('APPLICATION/X-WWW-FORM-URLENCODED');
+    return contentType?.toUpperCase().includes("APPLICATION/X-WWW-FORM-URLENCODED");
   }
 
   private isJSON(contentType: string): boolean {
-    return contentType?.toUpperCase().includes('APPLICATION/JSON');
+    return contentType?.toUpperCase().includes("APPLICATION/JSON");
   }
 }