H
Hono5mo ago
nullfox

Hono CORS lambda duplicate headers

I'm using Hono with Lambda and managing CORS myself instead of using AWS API Gateway CORS configuration. My code looks like
import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';

import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';

const routes = [
{
method: ['POST'],
path: '/v1/invoices',
handler: upsertInvoice,
},
];

export const server = new Hono();

const cors = corsMiddleware({
allowMethods: ['GET', 'POST', 'OPTIONS'],
allowHeaders: [
'Content-Type',
'X-Amz-Date',
'Authorization',
'X-Api-Key',
'X-Amz-Security-Token',
],
origin: '*',
});

routes.forEach((route) => {
// Register the actual route
server.on(route.method, route.path, route.handler);

// Register cors for the route
server.on(['OPTIONS'], route.path, cors);
});
import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';

import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';

const routes = [
{
method: ['POST'],
path: '/v1/invoices',
handler: upsertInvoice,
},
];

export const server = new Hono();

const cors = corsMiddleware({
allowMethods: ['GET', 'POST', 'OPTIONS'],
allowHeaders: [
'Content-Type',
'X-Amz-Date',
'Authorization',
'X-Api-Key',
'X-Amz-Security-Token',
],
origin: '*',
});

routes.forEach((route) => {
// Register the actual route
server.on(route.method, route.path, route.handler);

// Register cors for the route
server.on(['OPTIONS'], route.path, cors);
});
When I deploy this to AWS and do an OPTIONS request to that endpoint, I'm getting duplicate CORS headers like:
< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=
< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=
I'm unclear on what I'm doing wrong that wouldo generate these dupe headers that breaks CORS
0 Replies
No replies yetBe the first to reply to this messageJoin
Want results from more Discord servers?
Add your server