serverless-cors-plugin

Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
serverless-cors-plugin
6940.4.26 years ago7 years agoMinified + gzip package size for serverless-cors-plugin in KB

Readme

Serverless CORS Plugin
A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).
serverless npm version Build Status Dependencies Status DevDependencies Status
THIS PLUGIN REQUIRES SERVERLESS V0.5 OR HIGHER!

Introduction

This plugins does the following:
  • It will add CORS response headers to all resource methods with a CORS-policy
configured.
  • It will add an OPTIONS preflight endpoint with the proper headers for all
resources with a CORS-policy configured.

Installation

In your project root, run:
npm install --save serverless-cors-plugin

Add the plugin to s-project.json:
"plugins": [
  "serverless-cors-plugin"
]

To find the best compatible (major) version, use the table below:
Serverless version | Plugin version ---|:--- v0.1 | v0.1 v0.2-v0.3 | v0.2 v0.4 | v0.3 v0.5 | v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:
"custom": {
  "cors": {
    "allowOrigin": "*",
    "allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
  }
}

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.
Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.
Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:
Option | Type | Example ---|:---|:--- allowOrigin | String | "*" allowHeaders | Array | ["Content-Type", "X-Api-Key"] allowCredentials | Boolean | true exposeHeaders | Array | ["Content-Type", "X-Api-Key"] maxAge | Number | 3600
For more information, read the CORS documentation
.

Roadmap

  • Dynamically set origin headers (#2)
  • Add more verbose (debugging) output
  • Better support for authenticated requests

License

ISC License. See the LICENSE file.