nullfox
nullfox
PostsComments
HHono
Created by nullfox on 7/31/2024 in #help
Hono CORS lambda duplicate headers
I'm using Hono with Lambda and managing CORS myself instead of using AWS API Gateway CORS configuration. My code looks like 
import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';

import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';

const routes = [
    {
        method: ['POST'],
        path: '/v1/invoices',
        handler: upsertInvoice,
    },
];

export const server = new Hono();

const cors = corsMiddleware({
    allowMethods: ['GET', 'POST', 'OPTIONS'],
    allowHeaders: [
        'Content-Type',
        'X-Amz-Date',
        'Authorization',
        'X-Api-Key',
        'X-Amz-Security-Token',
    ],
    origin: '*',
});

routes.forEach((route) => {
    // Register the actual route
    server.on(route.method, route.path, route.handler);

    // Register cors for the route
    server.on(['OPTIONS'], route.path, cors);
});
import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';

import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';

const routes = [
    {
        method: ['POST'],
        path: '/v1/invoices',
        handler: upsertInvoice,
    },
];

export const server = new Hono();

const cors = corsMiddleware({
    allowMethods: ['GET', 'POST', 'OPTIONS'],
    allowHeaders: [
        'Content-Type',
        'X-Amz-Date',
        'Authorization',
        'X-Api-Key',
        'X-Amz-Security-Token',
    ],
    origin: '*',
});

routes.forEach((route) => {
    // Register the actual route
    server.on(route.method, route.path, route.handler);

    // Register cors for the route
    server.on(['OPTIONS'], route.path, cors);
});
When I deploy this to AWS and do an OPTIONS request to that endpoint, I'm getting duplicate CORS headers like: 
< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=
< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=
I'm unclear on what I'm doing wrong that wouldo generate these dupe headers that breaks CORS
1 replies