Can we have a custom CORS method, similar to Authorizer?


Hi Folks, not sure where would be the best place to send suggestions, here or at GH issues.

Anyway, in our project we handle every resource CORS call with a custom lambda function that adjust CORS allowed origins/methods depending on the client/agent used and resource being accessed. As of now we do this by manually configuring each resource OPTIONS integration method.

It would be great if we could declare this configuration only once and have it replicated to all resources.




At the moment we don’t have any plans of adding this, but could you open in issue in Github describing this in detail and adding how you’re currently doing this in the serverless.yml? Definitely sounds like an interesting feature


I’ll be interested in a similar feature, however I only need to add a custom header.

Long story short, the cors version of AMP requires the “AMP-Access-Control-Allow-Source-Origin” header to be defined on preflight requests.

Can you link the github issue here ?


Hi there… any updates? I tried to use suggestion found somewhere in forum:

httpDefaults: &http_defaults
  method: options
      - '*'
      - Access-Control-Allow-Credentials
      - Access-Control-Allow-Origin 

While serverless does not choke on it, I still get errors like follows:
Request header field Access-Control-Allow-Credentials is not allowed by Access-Control-Allow-Headers in preflight response.

I really interested in the solution or workaround …