Response headers are broken

[bleshik]

I've got an express app which returns some CORS headers. For some reason the headers get broken when the app is proxied through this lib on AWS Lambda.

Real express headers:
HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Vary: Access-Control-Request-Headers
Access-Control-Expose-Headers: Origin,X-Requested-With,Content-Type,Accept,RestrictingPassword
Date: Fri, 16 Jun 2017 11:41:48 GMT
Connection: keep-alive
Content-Length: 0

Headers I get from lambda:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Fri, 16 Jun 2017 11:38:55 GMT
x-amzn-RequestId: 612405ba-5288-11e7-bc6e-e92a68da5155
access-control-allow-origin: https://example.com
x-amzn-Remapped-content-length: 0
x-amzn-Remapped-connection: close
vary: Origin, Access-Control-Request-Headers
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
x-powered-by: Express
access-control-expose-headers: Origin,X-Requested-With,Content-Type,Accept,RestrictingPassword
X-Amzn-Trace-Id: sampled=0;root=1-5943c34f-44ea4b69896397eb4508c44f
x-amzn-Remapped-date: Fri, 16 Jun 2017 11:38:55 GMT
access-control-allow-credentials: true

As a result browsers do not recognise the CORS headers and nothing works.
I bet the problem is here https://github.com/awslabs/aws-serverless-express/blob/master/index.js#L73

[bleshik]

Oh no, looks like it's the "http" package's problem. nodejs/node-v0.x-archive#1954

[brettstack]

Remove the OPTIONS methods from the swagger file if you want to handle it with Lambda. Or update it with your requirements. If you leave it in Swagger, API Gateway will respond to OPTIONS calls for you which will be slightly faster.

[bleshik]

Ok, just found out that browsers expect to see CORS headers not only for OPTIONS requests, but for all requests, which seems to be the problem I had.
Anyway, modifying headers still look weird to me, so I'll let this issue be open for now.

[brettstack]

What do you mean "modifying headers"?

[brettstack]

Assuming you're referring to what you linked to earlier https://github.com/awslabs/aws-serverless-express/blob/master/index.js#L73. This only applies to headers which are an array. This is a hack which allows API Gateway to receive multiple headers (usually for cookies) which wouldn't work without this hack. It will not affect CORS headers which should not be arrays.

[bleshik]

All headers are returned in lower case no matter what. For example,
Access-Control-Allow-Origin: https://example.com
will be returned as:
access-control-allow-origin: https://example.com

This happens because of the way how http package (which is used by the proxy) handles headers. See nodejs/node-v0.x-archive#1954

[brettstack]

This lib won't modify casing other than the mentioned set-cookie hack. If lower-casing is happening, it is at the API Gateway layer. Either way, this is not the issue you're having with CORS. Okay to close?

[AmrAnwar]

@bleshik Hey, did you find out what was causing the changing of the casing, I have the same issue now.