Skip to content

Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies

License

Notifications You must be signed in to change notification settings

joostfarla/serverless-cors-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

78 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Serverless CORS Plugin

A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).

serverless npm version Build Status Dependencies Status DevDependencies Status

THIS PLUGIN IS NOT COMPATIBLE WITH SERVERLESS V1.0 OR HIGHER!

Serverless has native CORS support since v1.0.

Introduction

This plugins does the following:

  • It will add CORS response headers to all resource methods with a CORS-policy configured.

  • It will add an OPTIONS preflight endpoint with the proper headers for all resources with a CORS-policy configured.

Installation

In your project root, run:

npm install --save serverless-cors-plugin

Add the plugin to s-project.json:

"plugins": [
  "serverless-cors-plugin"
]

To find the best compatible (major) version, use the table below:

Serverless version Plugin version
v0.1 v0.1
v0.2-v0.3 v0.2
v0.4 v0.3
v0.5 v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:

"custom": {
  "cors": {
    "allowOrigin": "*",
    "allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
  }
}

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.

Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.

Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:

Option Type Example
allowOrigin String "*"
allowHeaders Array ["Content-Type", "X-Api-Key"]
allowCredentials Boolean true
exposeHeaders Array ["Content-Type", "X-Api-Key"]
maxAge Number 3600

For more information, read the CORS documentation.

Roadmap

  • Dynamically set origin headers (#2)
  • Add more verbose (debugging) output
  • Better support for authenticated requests

License

ISC License. See the LICENSE file.

About

Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies

Resources

License

Stars

Watchers

Forks

Packages

No packages published