Serverless CORS Plugin
A Serverless Plugin for the Serverless Framework which
adds support for CORS (Cross-origin resource sharing).
THIS PLUGIN REQUIRES SERVERLESS V0.5 OR HIGHER!
Introduction
This plugins does the following:- It will add CORS response headers to all resource methods with a CORS-policy
- It will add an
OPTIONSpreflight endpoint with the proper headers for all
Installation
In your project root, run:npm install --save serverless-cors-pluginAdd the plugin to
s-project.json:"plugins": [
"serverless-cors-plugin"
]To find the best compatible (major) version, use the table below:
Serverless version | Plugin version ---|:--- v0.1 | v0.1 v0.2-v0.3 | v0.2 v0.4 | v0.3 v0.5 | v0.4
Usage
Add the following properties tos-function.json to configure a CORS-policy:"custom": {
"cors": {
"allowOrigin": "*",
"allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
}
}The
allowOrigin property is required, the other headers are optional. You can also add this
configuration to s-project.json instead of s-function.json to apply the CORS-policy
project-wide.Run
endpoint deploy and the CORS headers will dynamically be configured and deployed.
Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.Caution: you will probably notice some warnings on missing
stage and region
template variables. These can be ignored until the issue is fixed.Options
These are all options you can use:Option | Type | Example ---|:---|:---
allowOrigin | String | "*"
allowHeaders | Array | ["Content-Type", "X-Api-Key"]
allowCredentials | Boolean | true
exposeHeaders | Array | ["Content-Type", "X-Api-Key"]
maxAge | Number | 3600For more information, read the CORS documentation.
Roadmap
- Dynamically set origin headers (#2)
- Add more verbose (debugging) output
- Better support for authenticated requests
