-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS headers only present on OPTIONS (AWS ApiGateway) #4681
Comments
From the doc :
|
Thanks, I did eventually find that. Although I don't understand why this isn't included by the CORS config? |
Because if you're using lambda-proxy integration, you are bypassing request/response mapping templates and your function is solely responsible for providing the correct response. |
Please close this report as it is not a bug with serverless and is document well: |
Although maybe could become a feature request? |
@samsammurphy The problem here is, that if you're using lambda-proxy integration, you have to handle all calls to the endpoint and its responses by yourself, i.e. you have to add the headers in your code when you assemble the lambda proxy response. The framework cannot do that for you (in its current design) because it does not implement your handler. |
@HyperBrain I see, thank you for this explanation. |
Can you provide a simple example for this? I just deployed an API to API Gateway i'm using proxy integration. I wish to know how to provide the proper headers to the response within the lambda function |
I'm having the same issue, CORS can be enabled via AWS Console but Serverless has no option for it? Can I just add a custom Method Response with 200 status code for Access-Control-Allow-Origin header? |
@casper-gh yes. That's the recommended way of doing this. The cleanest way to do it is also to user variables in custom:
corsOrigin: '*' # change this to your desired origin!
provider:
environment:
CORS_ORIGIN: ${self:custom.corsOrigin}
function:
hello:
handler: hello.handler
events:
- http:
path: /
method: get
cors:
origin: ${self:custom.corsOrigin} then a handler in NodeJs example: module.exports.handler = async () => ({
statusCode: 200,
body: JSON.stringify({message: 'hello'}),
headers: {'Access-Control-Allow-Origin': process.env.CORS_ORIGIN},
}); Here's a good blog post from @alexdebrie on using CORS w/ serverless: https://serverless.com/blog/cors-api-gateway-survival-guide/ I'm going to close this issue now tho as setting the header on the actual lambda response is out of scope for the framework. |
This is a Bug Report
Description
The
cors: true
setting only configures the CORS headers on theOPTIONS
endpoint, not the others.I have put the files related to this example below however, if you
POST
to the endpoint created by this you get the following headers:Even though the OPTIONS for the same URL are correct:
For example, the following
serverless.yml
file:Produces the following
cloudformation-template-update-stack.json
file:The text was updated successfully, but these errors were encountered: