A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).
THIS PLUGIN IS NOT COMPATIBLE WITH SERVERLESS V1.0 OR HIGHER!
Serverless has native CORS support since v1.0.
This plugins does the following:
-
It will add CORS response headers to all resource methods with a CORS-policy configured.
-
It will add an
OPTIONSpreflight endpoint with the proper headers for all resources with a CORS-policy configured.
In your project root, run:
npm install --save serverless-cors-pluginAdd the plugin to s-project.json:
"plugins": [
"serverless-cors-plugin"
]To find the best compatible (major) version, use the table below:
| Serverless version | Plugin version |
|---|---|
| v0.1 | v0.1 |
| v0.2-v0.3 | v0.2 |
| v0.4 | v0.3 |
| v0.5 | v0.4 |
Add the following properties to s-function.json to configure a CORS-policy:
"custom": {
"cors": {
"allowOrigin": "*",
"allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
}
}The allowOrigin property is required, the other headers are optional. You can also add this
configuration to s-project.json instead of s-function.json to apply the CORS-policy
project-wide.
Run endpoint deploy and the CORS headers will dynamically be configured and deployed.
Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.
Caution: you will probably notice some warnings on missing stage and region
template variables. These can be ignored until the issue is fixed.
These are all options you can use:
| Option | Type | Example |
|---|---|---|
allowOrigin |
String | "*" |
allowHeaders |
Array | ["Content-Type", "X-Api-Key"] |
allowCredentials |
Boolean | true |
exposeHeaders |
Array | ["Content-Type", "X-Api-Key"] |
maxAge |
Number | 3600 |
For more information, read the CORS documentation.
- Dynamically set origin headers (#2)
- Add more verbose (debugging) output
- Better support for authenticated requests
ISC License. See the LICENSE file.