New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for CORS in APIG #1596
Comments
@patoncrispy suggests this structure in issue 1586: functions:
user:
handler: handler.user
events:
- http:
method: post
cors: true
custom:
cors:
allow-origin: '*'
allow-headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
allow-methods:
- POST
plugins:
- api-gateway-cors-plugin This provide more options for users, but it's a bit more complex. Plus, it seems that this is a service wide config. @patoncrispy do you think this is necessary? Why not just enable CORS for specific endpdionts, and users can always user serverless variables or JSON-REF if they wanna stay DRY. So I vote for the following: - http:
path: user/create
method: get
cors: true This will enable cors with some default config, so that users don't have to define the headers and methods and so on. Not really sure about the exact default config (@patoncrispy suggestions are super welcomed here 😊 ). If the user want more flexibility they can always turn the - http:
path: user/create
method: get
cors:
allow-origin: '*'
allow-headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
allow-methods:
- POST Thoughts...? |
I really like @eahefnawy approach. It's simple and follows the same pattern with simple/extended config. Less confusing as whole config is under cors key, not somewhere else. |
I would like to keep the event related config inside the event object (like @eahefnawy showed with the last example) so that it's near to each other and kind of "encapsulated" logic which is easy to find and follow along. |
Apologies, but your final example @eahefnawy had been my initial intent. :) I think allowing endpoint-specific config will be really important. As for defaults, following the AWS developer guide, I would suggest perhaps:
In this instance, the
|
@patoncrispy that's perfect! 😊 Let's do that then. When someone has the following config: - http:
path: user/create
method: get
cors: true In the background, this will translate into: - http:
path: user/create
method: get
cors:
allow-origin: '*'
allow-headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key and if the @flomotlik @pmuens any further thoughts? |
Looks good. But I still have both options to specify a simple |
yep |
looks great |
Is it OK for me to get started on this then? :) |
yep @patoncrispy go ahead ... Thanks for pitching in! 😊 💃 |
Woop! 😃 🎉 Thanks to @flomotlik for updating the CONTRIBUTING.md guide! Will hopefully get started tomorrow evening BST. Excited! |
yeah sorry @patoncrispy totally get started on this one. Very much appreciate the help and I'll make sure to be more specific on when I think its good to go (something we already discussed internally we want to do better). Thanks for the reminder :) |
👍 @patoncrispy If you need any help just shout as I'm coming across this issue now and would like to get it sorted before moving on if possible. |
@wedgybo I'm almost done! Should hopefully be able to get it done by the end of the weekend (damn full time job!). :) |
@patoncrispy could you open a PR (even if its still not ready) so we can take a look? |
Sure! I'll do it tonight when I get home. Would be good to get feedback. |
As you'll see in the pull request, keen to get some advice on where to put the preflight configuration. |
Awesome! Thank you @patoncrispy. We'll look into it ASAP. |
A quick note just to say that during development I simplified the schema slightly to:
|
Done with #1703 |
Finally done with #1820 🎉 |
We need to have an easy way to set a certain endpoint to be cross origin friendly. To do that we'll need to to add the relevant CORS headers to
response.parameters
, which we currently don't set. This is relevant to supporting custom response templates (see Issue #1593 ). What I'm thinking is the following config forhttp
event:We can add even more options by inheriting logic from the serverless-cors-plugin. Although maybe we should first discuss allowing custom response templates first, since custom response templates might overwrite this cors settings
Thoughts...? cc/ @flomotlik @pmuens @ac360
Parent Issue:
#1408
The text was updated successfully, but these errors were encountered: