return CORS headers on API Gateway OPTIONS requests (localstack#418)

whummer · web-flow · commit 9e034baaa7fc · 2017-10-23T21:04:45.000-04:00
diff --git a/localstack/services/apigateway/apigateway_listener.py b/localstack/services/apigateway/apigateway_listener.py
@@ -124,6 +124,19 @@ def get_resource_for_path(path, path_map):
     return matches[0]
 
 
+def get_cors_response(headers):
+    # TODO: for now we simply return "allow-all" CORS headers, but in the future
+    # we should implement custom headers for CORS rules, as supported by API Gateway:
+    # http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
+    response = Response()
+    response.status_code = 200
+    response.headers['Access-Control-Allow-Origin'] = '*'
+    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE'
+    response.headers['Access-Control-Allow-Headers'] = '*'
+    response._content = ''
+    return response
+
+
 class ProxyListenerApiGateway(ProxyListener):
 
     def forward_request(self, method, path, data, headers):
@@ -147,6 +160,11 @@ def forward_request(self, method, path, data, headers):
                 integration = integrations.get(method, {})
                 integration = integration.get('methodIntegration')
                 if not integration:
+
+                    if method == 'OPTIONS' and 'Origin' in headers:
+                        # default to returning CORS headers if this is an OPTIONS request
+                        return get_cors_response(headers)
+
                     return make_error('Unable to find integration for path %s' % path, 404)
 
             uri = integration.get('uri')
diff --git a/tests/integration/test_api_gateway.py b/tests/integration/test_api_gateway.py
@@ -1,3 +1,4 @@
+import re
 import json
 from requests.models import Response
 from localstack.constants import DEFAULT_REGION
@@ -139,9 +140,19 @@ def forward_request(self, **kwargs):
     # create API Gateway and connect it to the HTTP backend
     result = connect_api_gateway_to_http('test_gateway2', backend_url, path=API_PATH_HTTP_BACKEND)
 
-    # make test request to gateway
     url = INBOUND_GATEWAY_URL_PATTERN.format(api_id=result['id'],
         stage_name=TEST_STAGE_NAME, path=API_PATH_HTTP_BACKEND)
+
+    # make sure CORS headers are present
+    origin = 'localhost'
+    result = requests.options(url, headers={'origin': origin})
+    print(result.status_code)
+    print(result._content)
+    assert result.status_code == 200
+    assert re.match(result.headers['Access-Control-Allow-Origin'].replace('*', '.*'), origin)
+    assert 'POST' in result.headers['Access-Control-Allow-Methods']
+
+    # make test request to gateway
     result = requests.get(url)
     assert result.status_code == 200
     assert to_str(result.content) == '{}'
