[Feature PI-758] Swagger Cors changes

infrastructure/swagger/05_paths.yaml

@@ -1,13 +1,17 @@
 ---
 x-definitions:
+  OptionResponseParameters:
+    type: object
+    option-response-parameters: &OptionResponseParameters
+      OptionResponseParameters:
+        method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE'"
+        method.response.header.Access-Control-Allow-Headers: "'apikey,authorization,content-type,version'"
+        method.response.header.Access-Control-Allow-Origin: "'*'"
   ApiGatewayIntegration:
     type: object
     x-amazon-apigateway-integration: &ApiGatewayIntegration
       type: aws_proxy
       httpMethod: POST
-      responses:
-        default:
-          statusCode: "200"
       passthroughBehavior: when_no_match
       contentHandling: CONVERT_TO_TEXT
 
@@ -37,6 +41,9 @@ paths:
         - $ref: "#/components/parameters/HeaderCorrelationId"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_status}
       security:
         - ${authoriser_name}: []
@@ -68,15 +75,14 @@ paths:
               schema:
                 $ref: "#/components/schemas/Empty"
       x-amazon-apigateway-integration:
+        <<: *ApiGatewayIntegration
         responses:
           default:
-            statusCode: "200"
-            responseParameters:
-              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
-              method.response.header.Access-Control-Allow-Headers: "'apikey,authorization,content-type,version'"
-              method.response.header.Access-Control-Allow-Origin: "'*'"
-        requestTemplates:
-          application/json: '{"statusCode": 200}'
+            statusCode: 200
+            <<: *OptionResponseParameters
+          "400":
+            statusCode: "400"
+            <<: *OptionResponseParameters
         passthroughBehavior: "never"
         type: "mock"
       security:
@@ -106,12 +112,57 @@ paths:
         - $ref: "#/components/parameters/HeaderCorrelationId"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_createProductTeam}
       security:
         - ${authoriser_name}: []
         - app-level0: []
 
   /ProductTeam/{product_team_id}:
+    options:
+      operationId: productteamcors
+      summary: Product Team (OPTIONS)
+      tags:
+        - Options
+      parameters:
+        - $ref: "#/components/parameters/ProductTeamId"
+        - $ref: "#/components/parameters/CorsOrigin"
+      responses:
+        "400":
+          $ref: "#/components/responses/CreateProductTeamBadRequest"
+        "200":
+          description: "200 response"
+          headers:
+            Access-Control-Allow-Origin:
+              schema:
+                type: "string"
+            Access-Control-Allow-Methods:
+              schema:
+                type: "string"
+            Access-Control-Allow-Headers:
+              schema:
+                type: "string"
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Empty"
+      x-amazon-apigateway-integration:
+        <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
+            <<: *OptionResponseParameters
+          "409":
+            $ref: "#/components/responses/Conflict"
+            statusCode: 409
+            <<: *OptionResponseParameters
+        passthroughBehavior: "never"
+        type: "mock"
+      security:
+        - ${authoriser_name}: []
+        - app-level0: []
     get:
       operationId: readproductteam
       summary: Read a Product Team resource (GET)
@@ -133,6 +184,9 @@ paths:
           $ref: "#/components/responses/ProductTeamNotFound"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_readProductTeam}
       security:
         - ${authoriser_name}: []
@@ -151,6 +205,7 @@ paths:
         - $ref: "#/components/parameters/HeaderApikey"
         - $ref: "#/components/parameters/HeaderRequestId"
         - $ref: "#/components/parameters/HeaderCorrelationId"
+        - $ref: "#/components/parameters/CorsOrigin"
       responses:
         "200":
           $ref: "#/components/responses/CpmProductTeamDelete"
@@ -160,6 +215,9 @@ paths:
           $ref: "#/components/responses/Conflict"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_deleteProductTeam}
       security:
         - ${authoriser_name}: []
@@ -193,15 +251,11 @@ paths:
               schema:
                 $ref: "#/components/schemas/Empty"
       x-amazon-apigateway-integration:
+        <<: *ApiGatewayIntegration
         responses:
           default:
-            statusCode: "200"
-            responseParameters:
-              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
-              method.response.header.Access-Control-Allow-Headers: "'apikey,authorization,content-type,version'"
-              method.response.header.Access-Control-Allow-Origin: "'*'"
-        requestTemplates:
-          application/json: '{"statusCode": 200}'
+            statusCode: 200
+            <<: *OptionResponseParameters
         passthroughBehavior: "never"
         type: "mock"
       security:
@@ -234,6 +288,9 @@ paths:
           $ref: "#/components/responses/ProductTeamNotFound"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_createCpmProduct}
       security:
         - ${authoriser_name}: []
@@ -265,15 +322,11 @@ paths:
               schema:
                 $ref: "#/components/schemas/Empty"
       x-amazon-apigateway-integration:
+        <<: *ApiGatewayIntegration
         responses:
           default:
-            statusCode: "200"
-            responseParameters:
-              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
-              method.response.header.Access-Control-Allow-Headers: "'apikey,authorization,content-type,version'"
-              method.response.header.Access-Control-Allow-Origin: "'*'"
-        requestTemplates:
-          application/json: '{"statusCode": 200}'
+            statusCode: 200
+            <<: *OptionResponseParameters
         passthroughBehavior: "never"
         type: "mock"
       security:
@@ -299,6 +352,9 @@ paths:
           $ref: "#/components/responses/SearchProductBadRequest"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_searchProduct}
       security:
         - ${authoriser_name}: []
@@ -367,6 +423,9 @@ paths:
           $ref: "#/components/responses/ProductNotFound"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_readCpmProduct}
       security:
         - ${authoriser_name}: []
@@ -437,6 +496,9 @@ paths:
           $ref: "#/components/responses/ProductDeleteNotFound"
       x-amazon-apigateway-integration:
         <<: *ApiGatewayIntegration
+        responses:
+          default:
+            statusCode: 200
         uri: ${method_deleteCpmProduct}
       security:
         - ${authoriser_name}: []

infrastructure/swagger/08_components--schemas--other.yaml

@@ -22,3 +22,7 @@ components:
     HeaderApikey:
       type: string
       example: GEDT124JF9OP
+
+    CorsOrigin:
+      type: string
+      example: "*"

infrastructure/swagger/09_components--headers.yaml

@@ -31,3 +31,8 @@ components:
       required: true
       schema:
         $ref: "#/components/schemas/HeaderApikey"
+    CorsOrigin:
+      in: header
+      name: Access-Control-Allow-Origin
+      schema:
+        $ref: "#/components/schemas/CorsOrigin"

infrastructure/swagger/12_components--responses.yaml

@@ -180,6 +180,11 @@ components:
         application/json:
           schema:
             $ref: "#/components/schemas/CPMProductTeamDeleteResponse"
+      headers:
+        Access-Control-Allow-Origin:
+          schema:
+            type: string
+          example: "*"
     ProductCreate:
       description: Create Product operation successful
       content:

src/layers/domain/response/aws_lambda_response.py

@@ -11,6 +11,9 @@ class AwsLambdaResponseHeaders(BaseModel):
     content_length: str = Field(alias="Content-Length", regex=r"^[0-9][0-9]*$")
     version: str = Field(alias="Version", regex=r"^(null)|([1-9][0-9]*)$")
     host: str = Field(default=None, alias="Host")
+    access_control_allow_origin: str = Field(
+        default=None, alias="access-control-allow-origin"
+    )
 
     class Config:
         allow_population_by_field_name = True
@@ -35,6 +38,7 @@ def generate_response_headers(cls, headers, values):
             content_length=len(body),
             version="null" if version is None else version,
             host="foo.co.uk",
+            access_control_allow_origin="https://digital.nhs.uk",
         )
         return headers
 

test_ui/product_id_flow/src/components/ProductDeleteTeamFlow.tsx

@@ -61,9 +61,7 @@ const ProductTeamDelete: React.FC = () => {
       const responseData = await response.json();
       setProductTeamDeleteResponse(responseData);
     } catch (err) {
-      setError(
-        `Failed to Delete. Please try again. ${productTeamDeleteResponse}`
-      );
+      setError(`Failed to Delete. Please try again. ${err}`);
       console.error(err);
     } finally {
       setLoading(false);