Serverless CORS Plugin

A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).

THIS PLUGIN IS NOT COMPATIBLE WITH SERVERLESS V1.0 OR HIGHER!

Serverless has native CORS support since v1.0.

Introduction

This plugins does the following:

It will add CORS response headers to all resource methods with a CORS-policy configured.

It will add an OPTIONS preflight endpoint with the proper headers for all resources with a CORS-policy configured.

Installation

In your project root, run:

npm install --save serverless-cors-plugin

Add the plugin to s-project.json :

"plugins" : [ "serverless-cors-plugin" ]

To find the best compatible (major) version, use the table below:

Serverless version Plugin version v0.1 v0.1 v0.2-v0.3 v0.2 v0.4 v0.3 v0.5 v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:

"custom" : { "cors" : { "allowOrigin" : "*" , "allowHeaders" : [ "Content-Type" , "X-Amz-Date" , "Authorization" , "X-Api-Key" ] } }

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.

Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.

Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:

Option Type Example allowOrigin String "*" allowHeaders Array ["Content-Type", "X-Api-Key"] allowCredentials Boolean true exposeHeaders Array ["Content-Type", "X-Api-Key"] maxAge Number 3600

For more information, read the CORS documentation.

Roadmap

Dynamically set origin headers (#2)

Add more verbose (debugging) output

Better support for authenticated requests

License

ISC License. See the LICENSE file.