fix(apigateway): set passthrough behavior to avoid errors on CORS preflight requests

[takeshixx]

Set passthroughBehavior behavior to NEVER to prevent errors for CORS preflight requests with content-types other than application/json.

Issue # (if applicable)

This was reported as #18297, but it was closed without a fix.

Reason for this change

Using addCorsPreflight() will add a mock integration for OPTIONS requests and maps them to content-type application/json. OPTIONS requests with a content-type header other than application/json lead to HTTP 500 Internal Server Errors.

Description of changes

Setting the passthroughBehavior to NEVER returns a mime type error instead of a internal server error, which is the appropriate response.

It should be noted that this setting was proposed in the initial implementation of addCorsPreflight() in #906 already. However, it looks like it didn't make it into the CDK. Instead the default configuration is use, which sets it to WHEN_NO_MATCH.

Description of how you validated changes

I tested the change by manually overriding the passthroughBehavior on the LambdaRestApi resource:

lambdaRestApi.methods
      .filter((m) => m.httpMethod === 'OPTIONS')
      .forEach((om) => {
        om.node.children.forEach((c) => {
          const mm = c as apigw.CfnMethod;
          mm.addOverride('Properties.Integration.PassthroughBehavior', apigw.PassthroughBehavior.NEVER);
        });
      });

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

[takeshixx]

Clarification Request if test cases are required. No "code changes", just changed a mock integration setting.

[paulhcsun]

Hi @takeshixx, apologies for the late response. As discussed, please add a unit test case for this change and run the integ tests to update any snapshots.

[aws-cdk-automation]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 3710c7d
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[takeshixx]

I have added a unit test that calls resource.addCorsPreflight() and ensures PassthroughBehavior is set to NEVER. I ran:

cd packages/aws-cdk-list
yarn build
yarn test

And the test ran without errors. Is there anything else that is missing?

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.