diff --git a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js index cb09de414..6d1b82947 100644 --- a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js +++ b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js @@ -60,7 +60,11 @@ module.exports = { cors.origins = _.union(http.cors.origins, cors.origins); cors.origin = http.cors.origin || '*'; cors.allowCredentials = cors.allowCredentials || http.cors.allowCredentials; - cors.maxAge = cors.maxAge || http.cors.maxAge; + + // when merging, last one defined wins + if (_.has(http.cors, 'maxAge')) { + cors.maxAge = http.cors.maxAge; + } corsPreflight[http.path] = cors; } @@ -333,6 +337,12 @@ module.exports = { if (cors.methods.indexOf(http.method.toUpperCase()) === NOT_FOUND) { cors.methods.push(http.method.toUpperCase()); } + if (_.has(cors, 'maxAge')) { + if (!_.isInteger(cors.maxAge) || cors.maxAge < 1) { + const errorMessage = 'maxAge should be an integer over 0'; + throw new this.serverless.classes.Error(errorMessage); + } + } } else { cors.methods.push(http.method.toUpperCase()); } diff --git a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js index 4e481c9d8..b8c659e15 100644 --- a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js +++ b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js @@ -643,6 +643,7 @@ describe('#validate()', () => { headers: ['X-Foo-Bar'], origins: ['acme.com'], methods: ['POST', 'OPTIONS'], + maxAge: 86400, }, }, }, @@ -657,10 +658,11 @@ describe('#validate()', () => { methods: ['POST', 'OPTIONS'], origins: ['acme.com'], allowCredentials: false, + maxAge: 86400, }); }); - it('should merge all preflight origins, method, headers and allowCredentials for a path', () => { + it('should merge all preflight origins, method, headers, maxAge and allowCredentials for a path', () => { awsCompileApigEvents.serverless.service.functions = { first: { events: [ @@ -673,6 +675,7 @@ describe('#validate()', () => { 'http://example.com', ], allowCredentials: true, + maxAge: 10000, }, }, }, { @@ -683,6 +686,7 @@ describe('#validate()', () => { origins: [ 'http://example2.com', ], + maxAge: 86400, }, }, }, { @@ -717,12 +721,35 @@ describe('#validate()', () => { .to.deep.equal(['http://example2.com', 'http://example.com']); expect(validated.corsPreflight['users/{id}'].headers) .to.deep.equal(['TestHeader2', 'TestHeader']); + expect(validated.corsPreflight.users.maxAge) + .to.equal(86400); expect(validated.corsPreflight.users.allowCredentials) .to.equal(true); expect(validated.corsPreflight['users/{id}'].allowCredentials) .to.equal(false); }); + it('should throw an error if the maxAge is not a positive integer', () => { + awsCompileApigEvents.serverless.service.functions = { + first: { + events: [ + { + http: { + method: 'POST', + path: '/foo/bar', + cors: { + origin: '*', + maxAge: -1, + }, + }, + }, + ], + }, + }; + + expect(() => awsCompileApigEvents.validate()).to.throw(Error); + }); + it('should add default statusCode to custom statusCodes', () => { awsCompileApigEvents.serverless.service.functions = { first: {