Expand http cors tests for maxAge. Last maxAge defined for a path

wins in a merge.
2026-01-18 14:58:43 +00:00 · 2018-03-26 22:19:51 -04:00 · 2018-03-26 22:19:51 -04:00 · ffa67cf2dd
commit ffa67cf2dd
parent 8140f44af0
2 changed files with 39 additions and 2 deletions
--- a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js
+++ b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js
@ -60,7 +60,11 @@ module.exports = {
            cors.origins = _.union(http.cors.origins, cors.origins);
            cors.origin = http.cors.origin || '*';
            cors.allowCredentials = cors.allowCredentials || http.cors.allowCredentials;
-            cors.maxAge = cors.maxAge || http.cors.maxAge;
+
+            // when merging, last one defined wins
+            if (_.has(http.cors, 'maxAge')) {
+              cors.maxAge = http.cors.maxAge;
+            }

            corsPreflight[http.path] = cors;
          }
@ -333,6 +337,12 @@ module.exports = {
      if (cors.methods.indexOf(http.method.toUpperCase()) === NOT_FOUND) {
        cors.methods.push(http.method.toUpperCase());
      }
+      if (_.has(cors, 'maxAge')) {
+        if (!_.isInteger(cors.maxAge) || cors.maxAge < 1) {
+          const errorMessage = 'maxAge should be an integer over 0';
+          throw new this.serverless.classes.Error(errorMessage);
+        }
+      }
    } else {
      cors.methods.push(http.method.toUpperCase());
    }
--- a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js
+++ b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js
@ -643,6 +643,7 @@ describe('#validate()', () => {
                headers: ['X-Foo-Bar'],
                origins: ['acme.com'],
                methods: ['POST', 'OPTIONS'],
+                maxAge: 86400,
              },
            },
          },
@ -657,10 +658,11 @@ describe('#validate()', () => {
      methods: ['POST', 'OPTIONS'],
      origins: ['acme.com'],
      allowCredentials: false,
+      maxAge: 86400,
    });
  });

-  it('should merge all preflight origins, method, headers and allowCredentials for a path', () => {
+  it('should merge all preflight origins, method, headers, maxAge and allowCredentials for a path', () => {
    awsCompileApigEvents.serverless.service.functions = {
      first: {
        events: [
@ -673,6 +675,7 @@ describe('#validate()', () => {
                  'http://example.com',
                ],
                allowCredentials: true,
+                maxAge: 10000,
              },
            },
          }, {
@ -683,6 +686,7 @@ describe('#validate()', () => {
                origins: [
                  'http://example2.com',
                ],
+                maxAge: 86400,
              },
            },
          }, {
@ -717,12 +721,35 @@ describe('#validate()', () => {
      .to.deep.equal(['http://example2.com', 'http://example.com']);
    expect(validated.corsPreflight['users/{id}'].headers)
      .to.deep.equal(['TestHeader2', 'TestHeader']);
+    expect(validated.corsPreflight.users.maxAge)
+      .to.equal(86400);
    expect(validated.corsPreflight.users.allowCredentials)
      .to.equal(true);
    expect(validated.corsPreflight['users/{id}'].allowCredentials)
      .to.equal(false);
  });

+  it('should throw an error if the maxAge is not a positive integer', () => {
+    awsCompileApigEvents.serverless.service.functions = {
+      first: {
+        events: [
+          {
+            http: {
+              method: 'POST',
+              path: '/foo/bar',
+              cors: {
+                origin: '*',
+                maxAge: -1,
+              },
+            },
+          },
+        ],
+      },
+    };
+
+    expect(() => awsCompileApigEvents.validate()).to.throw(Error);
+  });
+
  it('should add default statusCode to custom statusCodes', () => {
    awsCompileApigEvents.serverless.service.functions = {
      first: {