Skip to content

CORS Support Not Working Properly in Generated Netty Server #737

Description

@dpacheco-groupieticket

Description:
The generated Netty server from smithy-java-server-codegen doesn't properly handle CORS requests despite having @cors traits in the Smithy model. While OPTIONS preflight requests work, actual requests (POST/GET) don't include CORS headers in responses.

Current Behavior:

  1. OPTIONS preflight requests return correct CORS headers
  2. Actual requests (POST/GET) return:
    • Correct status codes (200/201)
    • Correct response bodies
    • But missing Access-Control-Allow-Origin and other CORS headers
  3. Browser shows error: "CORS header 'Access-Control-Allow-Origin' missing"

Expected Behavior:
All responses should include CORS headers when:

  1. The request contains an Origin header
  2. The origin matches the @cors trait configuration
  3. For both preflight (OPTIONS) and actual requests

Reproduction Steps:

  1. Model with @cors trait:
@cors(origin: "http://localhost:5173")
service MyService {
    operations: [MyOperation]
}
  1. Generate Java server code
  2. Start server and make CORS request from browser
  3. Observe missing headers in actual requests

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions