Access-Control headers missing from handler responses
kaveet opened this issue · comments
Relates to #1
Any opinions on providing an example of Access-Control headers on responses coming from the handlers as part of this boilerplate?
Because Serverless is configured to respond to preflight requests, it's possible that a browser on a different origin will pass preflight requests but error when requesting to one of the handlers (especially with Content-Type: application/json
):
This could be a hiccup if someone deploys the service without testing CORS locally.
Some ideas:
- Use an Express middleware like cors
- Provide an example sending back headers manually:
app.get('/', (req, res) => {
console.log(req.headers)
res
.set({
'Access-Control-Allow-Origin': 'https://example.com', // '*'
})
.json({
msg: 'Hello World',
})
});
Like #1, this might be out of scope for this boilerplate. Great project nonetheless!