Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies
JavaScript
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
src
test
.gitignore
.travis.yml
CHANGELOG.md
LICENSE
README.md
package.json

README.md

Serverless CORS Plugin

A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).

serverless npm version Build Status Dependencies Status DevDependencies Status

THIS PLUGIN IS NOT COMPATIBLE WITH SERVERLESS V1.0 OR HIGHER!

Serverless has native CORS support since v1.0.

Introduction

This plugins does the following:

  • It will add CORS response headers to all resource methods with a CORS-policy configured.

  • It will add an OPTIONS preflight endpoint with the proper headers for all resources with a CORS-policy configured.

Installation

In your project root, run:

npm install --save serverless-cors-plugin

Add the plugin to s-project.json:

"plugins": [
  "serverless-cors-plugin"
]

To find the best compatible (major) version, use the table below:

Serverless version Plugin version
v0.1 v0.1
v0.2-v0.3 v0.2
v0.4 v0.3
v0.5 v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:

"custom": {
  "cors": {
    "allowOrigin": "*",
    "allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
  }
}

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.

Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.

Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:

Option Type Example
allowOrigin String "*"
allowHeaders Array ["Content-Type", "X-Api-Key"]
allowCredentials Boolean true
exposeHeaders Array ["Content-Type", "X-Api-Key"]
maxAge Number 3600

For more information, read the CORS documentation.

Roadmap

  • Dynamically set origin headers (#2)
  • Add more verbose (debugging) output
  • Better support for authenticated requests

License

ISC License. See the LICENSE file.