Hono CORS lambda duplicate headers
I'm using Hono with Lambda and managing CORS myself instead of using AWS API Gateway CORS configuration.
My code looks like
When I deploy this to AWS and do an OPTIONS request to that endpoint, I'm getting duplicate CORS headers like:
I'm unclear on what I'm doing wrong that wouldo generate these dupe headers that breaks CORS
My code looks like
import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';
import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';
const routes = [
{
method: ['POST'],
path: '/v1/invoices',
handler: upsertInvoice,
},
];
export const server = new Hono();
const cors = corsMiddleware({
allowMethods: ['GET', 'POST', 'OPTIONS'],
allowHeaders: [
'Content-Type',
'X-Amz-Date',
'Authorization',
'X-Api-Key',
'X-Amz-Security-Token',
],
origin: '*',
});
routes.forEach((route) => {
// Register the actual route
server.on(route.method, route.path, route.handler);
// Register cors for the route
server.on(['OPTIONS'], route.path, cors);
});import { Hono, Context as HonoContext } from 'hono';
import { cors as corsMiddleware } from 'hono/cors';
import { upsertInvoice } from './embed/routes/v1/upsertInvoice.js';
const routes = [
{
method: ['POST'],
path: '/v1/invoices',
handler: upsertInvoice,
},
];
export const server = new Hono();
const cors = corsMiddleware({
allowMethods: ['GET', 'POST', 'OPTIONS'],
allowHeaders: [
'Content-Type',
'X-Amz-Date',
'Authorization',
'X-Api-Key',
'X-Amz-Security-Token',
],
origin: '*',
});
routes.forEach((route) => {
// Register the actual route
server.on(route.method, route.path, route.handler);
// Register cors for the route
server.on(['OPTIONS'], route.path, cors);
});When I deploy this to AWS and do an OPTIONS request to that endpoint, I'm getting duplicate CORS headers like:
< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=< date: Wed, 31 Jul 2024 17:38:25 GMT
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-origin: *
< access-control-allow-origin: *
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Headers
< apigw-requestid: byd2yghRIAMEPdA=I'm unclear on what I'm doing wrong that wouldo generate these dupe headers that breaks CORS
