Hi guys
I’ve searched around a bit for answers to this but seem to be hitting brick walls wherever I go. I have the following serverless.yml file:
functions:
createVote:
handler: api/index.createVote
events:
- http:
path: votes/{id}
method: post
cors:
allowCredentials: true
origins: 'http://localhost:3000,https://mydomain.com'
request:
parameters:
paths:
id: true
And a function which I am using middy to implement cors:
export const createVote = middy(() => {...})
.use(cors({ origins: ['http://localhost:3000', 'https://mydomain.com'] }) )
But if I make this request on localhost:5000 then two things happen. Firstly the preflight request passes, where I would have expected this to throw a CORS error. The access-control-allow-origins response header is empty, but I would have expected it to contain on of the domains above.
Secondly the POST request succeeds, but the response is not visible due to the CORS error. I believe this is the expected behaviour.
So my question is how can I properly set allowed origins for a request as it seems like if the preflight check passes then the real request gets run, which seems to defeat the purpose?
Thanks!