Fix duplicate OPTIONS method error for paths with trailing slash#3844
Open
abhishektang wants to merge 2 commits intoaws:developfrom
Open
Fix duplicate OPTIONS method error for paths with trailing slash#3844abhishektang wants to merge 2 commits intoaws:developfrom
abhishektang wants to merge 2 commits intoaws:developfrom
Conversation
reedham-aws
reviewed
Feb 12, 2026
Fixes aws#3816 When CORS is enabled on an API with paths that differ only by a trailing slash (e.g., /datasets and /datasets/), API Gateway would throw an error: 'Duplicate method OPTIONS found for resource /datasets. Only one is allowed.' This occurs because API Gateway treats /path and /path/ as the same resource, but SAM was adding OPTIONS methods to both paths separately. Solution: - Added path normalization in ApiGenerator._add_cors() method - Paths are normalized by removing trailing slashes (except for root '/') - Track normalized paths in a set to skip duplicates - Ensures only one OPTIONS method is added per normalized path Testing: - Added unit test test_add_cors_with_trailing_slash_paths to verify fix - All existing CORS integration tests (68 tests) pass without regression - Tested with real-world production templates with multiple HTTP methods
Address review feedback: use normalized_path instead of path when adding CORS OPTIONS method. This ensures consistent behavior regardless of which path (/datasets vs /datasets/) appears first in the template. Fixes aws#3816
abhishektang
force-pushed
the
develop
branch
from
4faeba3 to
6b3afda
Compare
reedham-aws
approved these changes
Mar 4, 2026
valerena
reviewed
Mar 6, 2026
| try: | ||
| editor.add_cors( # type: ignore[no-untyped-call] | ||
| path, | ||
| normalized_path, |
Contributor
There was a problem hiding this comment.
We should continue using path here (instead of normalized_path).
From an API Gateway perspective it's equivalent, but by still using path we keep backwards compatibility, in the sense that existing templates (without duplicated paths) continue generating exactly the same resources before and after this change (and changing this won't remove the fact that we will skip the duplicated normalized paths, because they're handled above)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #3816
This PR fixes the issue where enabling CORS on an API with paths that differ only by a trailing slash (e.g.,
/datasetsand/datasets/) causes API Gateway to throw an error:Problem
When CORS is enabled, SAM adds OPTIONS methods to all paths. However, API Gateway treats
/pathand/path/as the same resource. If both paths exist in the template, SAM was adding OPTIONS to both separately, causing a duplicate method error.Solution
The fix normalizes paths before adding CORS OPTIONS methods:
/)Changes
Modified files:
samtranslator/model/api/api_generator.py: Added path normalization in_add_cors()methodtests/model/api/test_api_generator.py: Added unit testtest_add_cors_with_trailing_slash_pathsTesting
✅ Unit Tests
test_add_cors_with_trailing_slash_pathsthat verifies:/datasets(POST) and/datasets/(PUT) are correctly handled✅ Integration Tests
✅ Real-world Validation
Related Issues
Closes #3816
Checklist:
developbranch