Because so many IIIF consumers (e.g., Clover, OpenSeadragon) have the option of using XHR with credentials: true, we need more fine-grained control over the CORS response headers (specifically Access-Control-Allow-Credentials and Access-Control-Allow-Origin. This PR moves the responsibility for those headers from the SAM template / Lambda Function configuration to the code itself. See the README changes for details.
Because so many IIIF consumers (e.g., Clover, OpenSeadragon) have the option of using XHR with
credentials: true, we need more fine-grained control over the CORS response headers (specificallyAccess-Control-Allow-CredentialsandAccess-Control-Allow-Origin. This PR moves the responsibility for those headers from the SAM template / Lambda Function configuration to the code itself. See theREADMEchanges for details.Resolves #104