CORS setting has no effect - not necessary when using lambda proxy default?


#1

Referring to this: https://serverless.com/framework/docs/providers/aws/events/apigateway#enabling-cors

It says to set cors: true. But in reality, this option isn’t needed, since the Lambda func is handling the headers in response. I left out the option and my Lambda function still works fine without it.


#2

From the documentation on this page: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

You must set up an OPTIONS method to handle preflight requests to support CORS. However, OPTIONS methods are optional if 1) an API resource exposes only the GET, HEAD or POST methods and 2) the request payload content type is application/x-www-form-urlencoded , multipart/form-data or text/plain and 3) the request does not contain any custom headers. When possible, we recommend to use OPTIONS method to enable CORS in your API.

cors: true in the serverless file sets up API gateway to respond to the OPTION preflight request. However it’s only needed if the browser makes one. In your case the browser may not be making one.


#3

You ALSO need to set the headers in your response like you said you’re doing. :+1:t2:


#4

Makes sense, thanks!