Because so many IIIF consumers (e.g., Clover, OpenSeadragon) have the option of using XHR with credentials: true, we need more fine-grained control over the CORS response headers (specifically Access-Control-Allow-Credentials and Access-Control-Allow-Origin. This PR moves the responsibility for those headers from the SAM template / Lambda Function configuration to the code itself. See the README changes for details.
Because so many IIIF consumers (e.g., Clover, OpenSeadragon) have the option of using XHR with
credentials: true
, we need more fine-grained control over the CORS response headers (specificallyAccess-Control-Allow-Credentials
andAccess-Control-Allow-Origin
. This PR moves the responsibility for those headers from the SAM template / Lambda Function configuration to the code itself. See theREADME
changes for details.Resolves #104