8000 feat(event-handler): add CORS middleware support by dcabib · Pull Request #4477 · aws-powertools/powertools-lambda-typescript · GitHub
[go: up one dir, main page]
Skip to content

feat(event-handler): add CORS middleware support #4477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 18, 2025
Merged

feat(event-handler): add CORS middleware support #4477

merged 8 commits into from
Sep 18, 2025

Conversation

dcabib
Copy link
Contributor
@dcabib dcabib commented Sep 12, 2025
edited by sdangol
Loading

Description

This PR implements CORS middleware support for the Event Handler as requested in issue #4446.

Implementation

  • CORS middleware with configurable options
  • OPTIONS preflight handling with 204 status
  • string and array based origin validation

Configuration Options

The middleware supports all standard CORS options:

  • origin: string | string[]
  • methods: string[]
  • allowedHeaders: string[]
  • exposedHeaders: string[]
  • credentials: boolean
  • maxAge: number

Usage

// Global CORS
router.use(cors({ origin: '*' }));

// Route-specific CORS  
router.get('/api/data', [cors({ origin: 'https://myapp.com' })], handler);

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Closes #4446

@boring-cyborg boring-cyborg bot added event-handler This item relates to the Event Handler Utility tests PRs that add or change tests labels Sep 12, 2025
@pull-request-size pull-request-size bot added the size/XL PRs between 500-999 LOC, often PRs that grown with feedback label Sep 12, 2025
@dani-abib
feat(event-handler): add CORS middleware for REST API
2a9fd4c 
- Add comprehensive CORS middleware with configurable options
- Support string, array, and function-based origin validation
- Handle OPTIONS preflight requests with 204 status
- Add CORS headers to regular responses
- Include comprehensive test suite (26 tests)
- Follow Python implementation defaults for consistency
- Support global and route-specific middleware usage

Signed-off-by: Daniel ABIB <daniabib@amazon.com>
@dcabib dcabib force-pushed the feat/cors-middleware branch from b511608 to 2a9fd4c Compare September 12, 2025 20:32
svozza
svozza requested changes Sep 13, 2025
View reviewed changes
dreamorosi
dreamorosi reviewed Sep 13, 2025
View reviewed changes
dreamorosi
dreamorosi previously requested changes Sep 13, 2025
View reviewed changes
Copy link
Contributor
@dreamorosi dreamorosi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR.

There are still a few gaps to address before we can merge. In particular:

  • The module’s execution flow and middleware order need to be aligned with our conventions (e.g., destructuring of reqCtx, middleware ordering, etc.).
  • Please run the linter and fix notices/warnings/errors. Import order is unsorted in several files.
  • Please follow project conventions and place constants, types, and modules in appropriate files; follow test style and conventions
  • Remove the example files from this PR; we’ll add examples in a separate documentation-focused PR.

Meta/process note:
I’ve noticed several recent PRs landing with red CI (linting and tests). To keep reviews efficient, please ensure before requesting review that:

  • All tests pass locally and in CI.
  • Linting is clean (no warnings/errors).
  • Pre-commit hooks run successfully.

If CI is red, we’ll pause reviews until it’s green. If this remains an issue across PRs, we may close the PR and handle the changes internally to keep momentum.

If you’re running into setup issues, let us know - we’re happy to help you get the local environment/hooks configured.

8000
@dreamorosi
Copy link
Contributor

Hi @dcabib, we would like to merge this today since we are on a tight schedule and we have other PRs in the pipeline that will impact areas of the code changed in this one.

Let us know if you're able to address the feedback or have questions.

Thank you!

@dani-abib
fix: address all review feedback
c06500b 
- Moved CorsOptions type to types/rest.ts
- Moved DEFAULT_CORS_OPTIONS to constants.ts
- Fixed middleware to mutate existing headers
- Updated tests with Prepare/Act/Assess pattern
- Removed example files (will add in docs PR)
- Fixed all linting issues
- Converted functions to arrow functions
@dcabib
Copy link
Contributor Author
dcabib commented Sep 15, 2025

Hey @svozza @dreamorosi! 👋

Just pushed all the requested changes. Man, you guys caught some good stuff - totally missed that I was creating new Headers instead of mutating the existing ones 🤦‍♂️

Here's what I fixed:

  • Moved all the types and constants where they belong (no more mixing runtime with types!)
  • Fixed that middleware to properly mutate res.headers
  • Cleaned up all the tests with the Prepare/Act/Assess pattern
  • Nuked those example files - they'll live in the docs PR
  • Arrow functions everywhere now 🏹
  • Linting is squeaky clean ✨

All 26 CORS tests are passing! The other test failures are from that missing testing-utils dependency that was already broken on main.

Build works great, both ESM and CJS are happy. Should be good to merge now!

Let me know if you spot anything else - ready to fix whatever's needed to get this in today 🚀

@sdangol
Copy link
Contributor
sdangol commented Sep 18, 2025

Hi @dcabib, there were some feedbacks r ED4F emaining and some missing test coverage which I've now addressed due to our schedule.

@pull-request-size pull-request-size bot added size/L PRs between 100-499 LOC and removed size/XL PRs between 500-999 LOC, often PRs that grown with feedback labels Sep 18, 2025
svozza
svozza reviewed Sep 18, 2025
View reviewed changes
@dreamorosi dreamorosi requested a review from svozza September 18, 2025 13:36
dreamorosi
dreamorosi reviewed Sep 18, 2025
View reviewed changes
@dreamorosi dreamorosi self-requested a review September 18, 2025 13:38
dreamorosi
dreamorosi reviewed Sep 18, 2025
View reviewed changes
Copy link
Contributor
@dreamorosi dreamorosi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a couple of final comments, I'll leave the actual approval to @svozza.

Besides these two comments:

  • make sure we're checking not only default cors options in the tests (if I've missed it, ignore this comment)
  • update PR body to reflect the final spec (not everything mentioned in the PR body is present in the final version)

@dreamorosi dreamorosi dismissed their stale review September 18, 2025 13:41

Left a general comment since all previous changes I requested were addressed. Will leave final review to other maintainer.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@svozza svozza merged commit 972cd1f into aws-powertools:main Sep 18, 2025
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dreamorosi dreamorosi dreamorosi left review comments

@sdangol sdangol sdangol left review comments

@svozza svozza svozza approved these changes

Assignees

@sdangol sdangol

@dcabib dcabib

Labels

event-handler This item relates to the Event Handler Utility size/L PRs between 100-499 LOC tests PRs that add or change tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: Implement CORS middleware for REST API

5 participants

@dcabib @dreamorosi @sdangol @svozza @dani-abib
0