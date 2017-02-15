openbase logo
scp

serverless-cors-plugin

by Joost Farla
0.4.2 (see all)

Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies

npm
GitHub
CDN

Readme

Serverless CORS Plugin

A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).

serverless npm version Build Status Dependencies Status DevDependencies Status

THIS PLUGIN IS NOT COMPATIBLE WITH SERVERLESS V1.0 OR HIGHER!

Serverless has native CORS support since v1.0.

Introduction

This plugins does the following:

  • It will add CORS response headers to all resource methods with a CORS-policy configured.

  • It will add an OPTIONS preflight endpoint with the proper headers for all resources with a CORS-policy configured.

Installation

In your project root, run:

npm install --save serverless-cors-plugin

Add the plugin to s-project.json:

"plugins": [
  "serverless-cors-plugin"
]

To find the best compatible (major) version, use the table below:

Serverless versionPlugin version
v0.1v0.1
v0.2-v0.3v0.2
v0.4v0.3
v0.5v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:

"custom": {
  "cors": {
    "allowOrigin": "*",
    "allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
  }
}

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.

Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.

Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:

OptionTypeExample
allowOriginString"*"
allowHeadersArray["Content-Type", "X-Api-Key"]
allowCredentialsBooleantrue
exposeHeadersArray["Content-Type", "X-Api-Key"]
maxAgeNumber3600

For more information, read the CORS documentation.

Roadmap

  • Dynamically set origin headers (#2)
  • Add more verbose (debugging) output
  • Better support for authenticated requests

License

ISC License. See the LICENSE file.

