search

joostfarla / serverless-cors-plugin

Serverless CORS Plugin - Managing Cross-origin resource sharing (CORS) policies
ISC License
70 stars 15 forks source link

Custom Header support #17

Open AnalogJ opened 8 years ago

AnalogJ commented 8 years ago

I'm trying to send a custom header to my Serverless endpoint using AngularJS and JQuery, and whenever I do I get a 403 error during the OPTIONS preflight check.

My s-function.json has:

"requestTemplates": "$${apiRequestTemplate}",
..
"custom": {
    "cors": {
      "allowOrigin": "*",
      "allowHeaders": ["Content-Type", "X-Amz-Date", "X-Custom-Auth", "X-Api-Key"]
    }
  }

My s-templates.json file has:

"apiRequestTemplate": {
    "application/json": {
      "auth": "$input.params('X-Custom-Auth')"
    }
  }

I've tested it with a simple JQuery request:

$.ajax({
    url: "https://***.execute-api.us-east-1.amazonaws.com/dev/test",
    type: 'GET',
    dataType: 'json',
    beforeSend: function(xhr) {
        xhr.setRequestHeader('X-Custom-Auth', 'MY_AUTH');
    }
})
.done(function(data) {
    console.log('JQUERY',data)
})
.fail(function(data) {
    console.log('JQUERYFAIL',data)
});
})

If I comment out the beforeSend block, the request completes successfully.

joostfarla commented 8 years ago

@AnalogJ Just tried this, but I'm afraid I was not able to reproduce the issue.

Can you provide your full s-function.json and embedded template(s) please?

rodrigoreis22 commented 8 years ago

I had this problem too, my custom header is not being set on the response of OPTIONS call. I had to go to API Gateway and add it manually:

sls version 0.5.5

s-project.json:

{
  "name": "api-stationfy-sls",
  "custom": {
    "cors": {
      "allowOrigin": "*",
      "allowHeaders": [
        "Content-Type",
        "X-Amz-Date",
        "Authorization",
        "X-Api-Key",
        "Preferred-Language"
      ]
    }
  },
  "plugins": [
    "serverless-cors-plugin"
  ]
}
joostfarla commented 8 years ago

@rodrigoreis22 did you deploy your endpoints with the -a flag? Otherwise, the preflight (OPTIONS) endpoints will not be deployed.

rodrigoreis22 commented 8 years ago

@joostfarla no i didn't.. what's the -a flag? I'll try it.

joostfarla commented 8 years ago

@rodrigoreis22 -a / --all is the flag to deploy all your endpoints at the same time. Only then, your preflight (OPTIONS) endpoints will be deployed.

rodrigoreis22 commented 8 years ago

@joostfarla thanks.