npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@spencerbeggs/aws-lambda-cors

v2.0.3

Published

Utility module for basic handling of CORS responses for serverless AWS Lambda functions attached to API Gateway.

Downloads

12

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

spencerbeggsspencerbeggs

Keywords

AWSLambdaCORSAPI Gatewayserverless

Readme

AWS Lambda CORS

Build Status Coverage Status Known Vulnerabilities

AWS has made setting up microservice APIs a breeze by attaching Lambda functions to API Gateways with via Lambda Proxy Integrations in API Gateway. But when you need more than basic CORS handling you may find yourself writing a lot of duplicate or too-clever-by-half code to handle setting proper headers on your responses. Testing your handlers directly with a testing library like Jest can also become a chore as you may find yourself working around your CORS-handling code. This module attempts to abstrct basic header handling handling to allow you to focus of the business-logic of your serverless functions.

Basic Usage

const { cors } = require("@spencerbeggs/aws-lambda-cors");

module.export.handler = function() {
  const { event, context, callback, data, response } = cors(...arguments);
  response.body = JSON.stringify({
    message: "Hello, world!"
  });
  callback(null, response);
};

The cors function will automatically respond with a 204 repsonse when it encounters a OPTIONS request with the Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Allow-Methods andAccess-Control-Max-Age. For other types of requests the function returns the regular event, context and callback arguments available to a Lamabda functions you would expect to from a proxy integration.

The response argument is simply an object with origin headers setup and its statusCode propery set to 200. If you want to send a JSON response, you need to set the body property of the response object and send stringified JSON.

If the event passed to your function has a Content-Type header starting with to application/json, the function attempts to parse the event body with JSON.parse and return the resulting JSON as the data return value. If the body cannot be parsed into JSON, the funtion will automatically callback with a 400 response.

Note: You can set module.exports.handler to function() or async function() but you cannot set it to () => or async () => because fat arrow functions do not have bindings to the arguments keyword.

Advanced Usage

The cors function takes a second options argument that is an object, with the following optional properties: allowedOrigins, allowedMethods, allowedHeaders and maxAge. The allowedOrigins, allowedMethods and allowedHeaders properties can be passed as either arrays of strings or as a comma-seperated string. maxAge is just a string. You can also pass these options from process.env with the respective vaiable names: CORS_ALLOWED_ORIGINS, CORS_ALLOWED_METHODS, CORS_ALLOWED_HEADERS and CORS_MAX_AGE.

const { cors } = require("@spencerbeggs/aws-lambda-cors");

module.export.handler = function() {
  const options = {
    allowedOrigins: ["https://mysite.com", "https://anothersite.com"]
    allowedMethods: ["POST", "PATCH"],
    allowedHeaders: "X-Custom-Header",
    maxAge: "800"
  };
  const { event, context, callback, data, response } = cors(...arguments, options);
  response.body = JSON.stringify({
    message: "Hello, world!"
  });
  callback(null, response);
};

The default options object looks like:

const options = {
  allowedOrigins: "*",
  allowedMethods: ["GET", "OPTIONS", "POST", "PUT", "PATCH", "DELETE"],
  allowedHeaders: [
    "Content-Type",
    "X-Amz-Date",
    "Authorization",
    "X-Api-Key",
    "X-Amz-Security-Token"
  ],
  maxAge: "600"
};

You can also set the options by passing values to process.env: process.env.CORS_ALLOWED_ORIGINS, process.env.CORS_ALLOWED_METHODS, process.env.CORS_ALLOWED_HEADERS and process.env.CORS_MAX_AGE.

Example CloudFormation Template

Below is a simple CloudFormation template that uses AWS:Serverless Transform that attaches API Gateway to a serverless function handler for your API endpoint. Note that both the POST and OPTIONS events point to the same code bundle as this module provides the CORS handling for both.

AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - "lambda.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
        - "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
  MyFunction:
    Type: "AWS::Serverless::Function"
    Properties:
      CodeUri: s3://my-lambda-functions-bucket/myfunction.zip
      Handler: index.handler
      Runtime: nodejs10.x
      Role: !GetAtt Role.Arn
      Timeout: 3
      Environment:
        Variables:
          CORS_ALLOWED_ORIGINS: "https://siteone.com,https://sitetwo.com"
          CORS_ALLOWED_METHODS: "POST"
      Events:
        post:
          Type: Api
          Properties:
            Path: /my-endpoint
            Method: POST
        options:
          Type: Api
          Properties:
            Path: /my-endpoint
            Method: OPTIONS