serverless-cors-plugin

Serverless CORS Plugin

A Serverless Plugin for the Serverless Framework which adds support for CORS (Cross-origin resource sharing).

THIS PLUGIN REQUIRES SERVERLESS V0.5 OR HIGHER!

Introduction

This plugins does the following:

• It will add CORS response headers to all resource methods with a CORS-policy configured.

• It will add an OPTIONS preflight endpoint with the proper headers for all resources with a CORS-policy configured.

Installation

In your project root, run:

npm install --save serverless-cors-plugin

Add the plugin to s-project.json:

"plugins": [
  "serverless-cors-plugin"
]

To find the best compatible (major) version, use the table below:

Serverless version	Plugin version
v0.1	v0.1
v0.2-v0.3	v0.2
v0.4	v0.3
v0.5	v0.4

Usage

Add the following properties to s-function.json to configure a CORS-policy:

"custom": {
  "cors": {
    "allowOrigin": "*",
    "allowHeaders": ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key"]
  }
}

The allowOrigin property is required, the other headers are optional. You can also add this configuration to s-project.json instead of s-function.json to apply the CORS-policy project-wide.

Run endpoint deploy and the CORS headers will dynamically be configured and deployed. Use the -a / --all flag to deploy pre-flight OPTIONS endpoints.

Caution: you will probably notice some warnings on missing stage and region template variables. These can be ignored until the issue is fixed.

Options

These are all options you can use:

Option	Type	Example
allowOrigin	String	"*"
allowHeaders	Array	["Content-Type", "X-Api-Key"]
allowCredentials	Boolean	true
exposeHeaders	Array	["Content-Type", "X-Api-Key"]
maxAge	Number	3600

For more information, read the CORS documentation.

Roadmap

• Dynamically set origin headers (#2)
• Add more verbose (debugging) output
• Better support for authenticated requests

License

ISC License. See the LICENSE file.