Giters

ixartz / Serverless-Boilerplate-Express-TypeScript

🚀🎉📚 Boilerplate and Starter for Serverless framework, ExpressJS, TypeScript, Prisma and MongoDB ⚡️ Made with developer experience first: Serverless framework + Live reload + Offline support + ExpressJS + TypeScript + ESLint + Prettier + Husky + Commitlint + Lint-Staged + Jest + Dotenv + esbuild + VSCode

Home Page:https://creativedesignsguru.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Access-Control headers missing from handler responses

kaveet opened this issue · comments

commented

Relates to #1

Any opinions on providing an example of Access-Control headers on responses coming from the handlers as part of this boilerplate?

Because Serverless is configured to respond to preflight requests, it's possible that a browser on a different origin will pass preflight requests but error when requesting to one of the handlers (especially with Content-Type: application/json):

Serverless-Boilerplate-Express-TypeScript/serverless.yml

Line 25 in 53f20b2

cors: true

This could be a hiccup if someone deploys the service without testing CORS locally.

Some ideas:

  • Use an Express middleware like cors
  • Provide an example sending back headers manually:
   app.get('/', (req, res) => {
     console.log(req.headers)
     res
       .set({
         'Access-Control-Allow-Origin': 'https://example.com', // '*'
       })
       .json({
         msg: 'Hello World',
       })
   });

Like #1, this might be out of scope for this boilerplate. Great project nonetheless!