fix(event_handler): don't be smart about multiple headers

Author: rubenfonseca

aws_lambda_powertools/shared/headers_serializer.py

@@ -49,8 +49,7 @@ def serialize(self, headers: Dict[str, str], cookies: List[str]) -> Dict[str, An
         payload: Dict[str, List[str]] = {}
 
         for key, value in headers.items():
-            values = value.split(",")
-            payload[key] = [value.strip() for value in values]
+            payload[key] = [value]
 
         if cookies:
             payload.setdefault("Set-Cookie", [])
@@ -82,14 +81,6 @@ def serialize(self, headers: Dict[str, str], cookies: List[str]) -> Dict[str, An
             payload["headers"]["Set-Cookie"] = cookies[-1]
 
         for key, value in headers.items():
-            values = value.split(",")
-            if len(values) > 1:
-                warnings.warn(
-                    "Can't encode more than on header with the same key in the response. "
-                    "Did you enable multiValueHeaders on the ALB Target Group?"
-                )
-
-            # We can only send on header for this key, send the last value
-            payload["headers"][key] = values[-1].strip()
+            payload["headers"][key] = value
 
         return payload

tests/functional/event_handler/test_api_gateway.py

@@ -266,7 +266,7 @@ def handler(event, context):
     assert headers["Content-Type"] == [content_types.TEXT_HTML]
     assert headers["Access-Control-Allow-Origin"] == ["*"]
     assert "Access-Control-Allow-Credentials" not in headers
-    assert headers["Access-Control-Allow-Headers"] == sorted(CORSConfig._REQUIRED_HEADERS)
+    assert headers["Access-Control-Allow-Headers"] == [",".join(sorted(CORSConfig._REQUIRED_HEADERS))]
 
     # THEN for routes without cors flag return no cors headers
     mock_event = {"path": "/my/request", "httpMethod": "GET"}
@@ -483,9 +483,9 @@ def another_one():
     headers = result["multiValueHeaders"]
     assert headers["Content-Type"] == [content_types.APPLICATION_JSON]
     assert headers["Access-Control-Allow-Origin"] == [cors_config.allow_origin]
-    expected_allows_headers = sorted(set(allow_header + cors_config._REQUIRED_HEADERS))
+    expected_allows_headers = [",".join(sorted(set(allow_header + cors_config._REQUIRED_HEADERS)))]
     assert headers["Access-Control-Allow-Headers"] == expected_allows_headers
-    assert headers["Access-Control-Expose-Headers"] == cors_config.expose_headers
+    assert headers["Access-Control-Expose-Headers"] == [",".join(cors_config.expose_headers)]
     assert headers["Access-Control-Max-Age"] == [str(cors_config.max_age)]
     assert "Access-Control-Allow-Credentials" in headers
     assert headers["Access-Control-Allow-Credentials"] == ["true"]
@@ -558,7 +558,7 @@ def post_no_cors():
     headers = result["multiValueHeaders"]
     assert "Content-Type" not in headers
     assert "Access-Control-Allow-Origin" in result["multiValueHeaders"]
-    assert headers["Access-Control-Allow-Methods"] == ["DELETE", "GET", "OPTIONS"]
+    assert headers["Access-Control-Allow-Methods"] == ["DELETE,GET,OPTIONS"]
 
 
 def test_custom_preflight_response():

tests/functional/event_handler/test_headers_serializer.py

@@ -36,7 +36,7 @@ def test_headers_serializer_multi_value_headers():
     assert payload == {"multiValueHeaders": {"Set-Cookie": ["UUID=12345"]}}
 
     payload = serializer.serialize(cookies=["UUID=12345", "SSID=0xdeadbeef"], headers={"Foo": "bar,zbr"})
-    assert payload == {"multiValueHeaders": {"Set-Cookie": ["UUID=12345", "SSID=0xdeadbeef"], "Foo": ["bar", "zbr"]}}
+    assert payload == {"multiValueHeaders": {"Set-Cookie": ["UUID=12345", "SSID=0xdeadbeef"], "Foo": ["bar,zbr"]}}
 
 
 def test_headers_serializer_single_value_headers():
@@ -55,14 +55,10 @@ def test_headers_serializer_single_value_headers():
         warnings.simplefilter("default")
 
         payload = serializer.serialize(cookies=["UUID=12345", "SSID=0xdeadbeef"], headers={"Foo": "bar,zbr"})
-        assert payload == {"headers": {"Set-Cookie": "SSID=0xdeadbeef", "Foo": "zbr"}}
+        assert payload == {"headers": {"Set-Cookie": "SSID=0xdeadbeef", "Foo": "bar,zbr"}}
 
-        assert len(w) == 2
-        assert str(w[-2].message) == (
-            "Can't encode more than one cookie in the response. "
-            "Did you enable multiValueHeaders on the ALB Target Group?"
-        )
+        assert len(w) == 1
         assert str(w[-1].message) == (
-            "Can't encode more than on header with the same key in the response. "
+            "Can't encode more than one cookie in the response. "
             "Did you enable multiValueHeaders on the ALB Target Group?"
         )