Enable CORS about event-gateway-sdk HOT 13 CLOSED

Hey @mpadmaraj, thanks for reporting this. Let's see if we can get it figured out.

Are you using our hosted Event Gateway, or are you running your own Event Gateway? If you're running the hosted Event Gateway, can you paste the output of this command:

curl -X GET \
  https://config.slsgateway.com/v1/spaces/${APP_NAME}/cors \
  -H 'Authorization: Bearer ${EVENT_GATEWAY_ACCESS_KEY}'

Please replace ${APP_NAME} with the name of your app and ${EVENT_GATEWAY_ACCESS_KEY} with your access key.

from event-gateway-sdk.

I tried with my APP_NAME and EVENT_GATEWAY_ACCESS_KEY but got this error:
{"errors":[{"message":"You're not authorized to access this resource."}]}

But when I tried replacing ${APP_NAME} with TENANT-APP_NAME then the response was:
{"cors":[]}

from event-gateway-sdk.

Thanks for the additional info, @mpadmaraj.

What version of the serverless-event-gateway-plugin are you using?

from event-gateway-sdk.

it is 0.7.4

from event-gateway-sdk.

Here is my complete serverless.yml just in case you see something amiss:

service: send-notification
app: myapp
tenant: tenant1

custom:
  eventgateway:
    url: ${env:EVENT_GATEWAY_APPLICATION}
    accessKey: ${env:EVENT_GATEWAY_ACCESS_KEY}
  eventTypes:
    http.request
    app.sendMail

plugins:
  - "@serverless/serverless-event-gateway-plugin"
  - serverless-offline

provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ap-south-1
  environment:
     URL: ${self:custom.eventgateway.url}

functions:
  sendMessage:
    handler: handler.send
    events:
      - eventgateway:
          type: sync
          eventType: http.request
          path: /send/message
          method: POST
          cors: true
  sendMail:
    handler: handler.sendMail
    environment:
      senderEmail: ${env:MAIL_SMTP_FROM}
      user: ${env:MAIL_SMTP_USER}
      password: ${env:MAIL_SMTP_PASSWORD}
    events:
      - eventgateway:
          type: async
          eventType: app.sendMail

from event-gateway-sdk.

Thanks @mpadmaraj. There's nothing I can see that's clearly wrong.

Could you try running an sls deploy again, then checking the CORS API endpoint?

from event-gateway-sdk.

I got the same response: {"cors":[]}. My sls version is 1.28.0 which is the latest. could that be a problem?

from event-gateway-sdk.

Thanks @mpadmaraj. I'm still not quite sure why this isn't working.

Are you able to remove and redeploy your entire service? sls remove, then sls deploy ?

from event-gateway-sdk.

Now the cors was set when I hit the config endpoint:
{"cors":[{"space":"padmaraj-appmail","corsId":"POST%2Fpadmaraj-appmail%2Fsend%2Fmessage","method":"POST","path":"/padmaraj-appmail/send/message","allowedOrigins":["*"],"allowedMethods":["HEAD","GET","POST"],"allowedHeaders":["Origin","Accept","Content-Type"],"allowCredentials":false,"metadata":{"service":"send-notification","stage":"dev"}}]}

but when I hit the /send/message endpoint:
https://padmaraj-appmail.slsgateway.com/send/message POST, browser first sends OPTIONS. Since I do not see that in allowedMethods, we do not get Access-Control-Allow-Origin header in response. I think OPTIONS should also be part of allowedMethods, right?

from event-gateway-sdk.

Great! Thanks, @mpadmaraj. I'll close this one, and the similar one in the plugin repo.

Feel free to reach out if you have additional questions.

from event-gateway-sdk.

Thanks @alexdebrie ! Can we by default add OPTIONS in allowedMethods?

from event-gateway-sdk.

@mpadmaraj I'm going to let @mthenw chime on in whether we can add OPTIONS as a default.

In the meantime, you can specify all CORS options yourself if you'd like:

functions:
  sendMessage:
    handler: handler.send
    events:
      - eventgateway:
          type: sync
          eventType: http.request
          path: /send/message
          method: POST
          cors: 
            origins: "*"
            methods:
              - GET
              - POST
              - OPTIONS
            headers:
              - Content-Type
              - Authorization
            allowCredentials: true

from event-gateway-sdk.

Sure @alexdebrie . I had to make a minor change in origins to deploy:

functions:
  sendMessage:
    handler: handler.send
    events:
      - eventgateway:
          type: sync
          eventType: http.request
          path: /send/message
          method: POST
          cors:
            origins: 
              - "*"
            methods:
              - GET
              - POST
              - OPTIONS
            headers:
              - Content-Type
              - Authorization
            allowCredentials: true

But with this the config endpoint gives empty cors:
{"cors":[]}

I did sls remove and then sls deploy

from event-gateway-sdk.