add allowed_origins method to CORSConfig

sthulb · sthulb · commit cdbd01e14201 · 2024-07-05T09:37:17.000Z
diff --git a/aws_lambda_powertools/event_handler/api_gateway.py b/aws_lambda_powertools/event_handler/api_gateway.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import base64
 import json
 import logging
@@ -191,10 +193,10 @@ def __init__(
             A boolean value that sets the value of `Access-Control-Allow-Credentials`
         """
 
-        self.allowed_origins = [allow_origin]
+        self._allowed_origins = [allow_origin]
 
         if extra_origins:
-            self.allowed_origins.extend(extra_origins)
+            self._allowed_origins.extend(extra_origins)
 
         self.allow_headers = set(self._REQUIRED_HEADERS + (allow_headers or []))
         self.expose_headers = expose_headers or []
@@ -210,7 +212,7 @@ def to_dict(self, origin: Optional[str]) -> Dict[str, str]:
 
         # If the origin doesn't match any of the allowed origins, and we don't allow all origins ("*"),
         # don't add any CORS headers
-        if origin not in self.allowed_origins and "*" not in self.allowed_origins:
+        if origin not in self._allowed_origins and "*" not in self._allowed_origins:
             return {}
 
         # The origin matched an allowed origin, so return the CORS headers
@@ -227,6 +229,14 @@ def to_dict(self, origin: Optional[str]) -> Dict[str, str]:
             headers["Access-Control-Allow-Credentials"] = "true"
         return headers
 
+    def allowed_origin(self, extracted_origin: str) -> str | None:
+        if extracted_origin in self._allowed_origins:
+            return extracted_origin
+        if extracted_origin is not None and "*" in self._allowed_origins:
+            return "*"
+
+        return None
+
     @staticmethod
     def build_allow_methods(methods: Set[str]) -> str:
         """Build sorted comma delimited methods for Access-Control-Allow-Methods header
@@ -812,10 +822,9 @@ def _add_cors(self, event: ResponseEventT, cors: CORSConfig):
         """Update headers to include the configured Access-Control headers"""
         extracted_origin_header = extract_origin_header(event.resolved_headers_field)
 
-        if extracted_origin_header in cors.allowed_origins:
-            self.response.headers.update(cors.to_dict(extracted_origin_header))
-        if extracted_origin_header is not None and "*" in cors.allowed_origins:
-            self.response.headers.update(cors.to_dict("*"))
+        origin = cors.allowed_origin(extracted_origin_header)
+        if origin is not None:
+            self.response.headers.update(cors.to_dict(origin))
 
     def _add_cache_control(self, cache_control: str):
         """Set the specified cache control headers for 200 http responses. For non-200 `no-cache` is used."""
