serverless-cors-plugin v0.4.2
Serverless CORS Plugin
A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).
THIS PLUGIN REQUIRES SERVERLESS V0.5 OR HIGHER!
Introduction
This plugins does the following:
It will add CORS response headers to all resource methods with a CORS-policy configured.
It will add an
OPTIONSpreflight endpoint with the proper headers for all resources with a CORS-policy configured.
Installation
In your project root, run:
npm install --save serverless-cors-pluginAdd the plugin to s-project.json:
"plugins": [
"serverless-cors-plugin"
]To find the best compatible (major) version, use the table below:
| Serverless version | Plugin version |
|---|---|
| v0.1 | v0.1 |
| v0.2-v0.3 | v0.2 |
| v0.4 | v0.3 |
| v0.5 | v0.4 |
Usage
Add the following properties to s-function.json to configure a CORS-policy:
"custom": {
"cors": {
"allowOrigin": "*",
"allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
}
}The allowOrigin property is required, the other headers are optional. You can also add this
configuration to s-project.json instead of s-function.json to apply the CORS-policy
project-wide.
Run endpoint deploy and the CORS headers will dynamically be configured and deployed.
Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.
Caution: you will probably notice some warnings on missing stage and region
template variables. These can be ignored until the issue is fixed.
Options
These are all options you can use:
| Option | Type | Example |
|---|---|---|
allowOrigin | String | "*" |
allowHeaders | Array | ["Content-Type", "X-Api-Key"] |
allowCredentials | Boolean | true |
exposeHeaders | Array | ["Content-Type", "X-Api-Key"] |
maxAge | Number | 3600 |
For more information, read the CORS documentation.
Roadmap
- Dynamically set origin headers (#2)
- Add more verbose (debugging) output
- Better support for authenticated requests
License
ISC License. See the LICENSE file.