Multiple CORS origins

According to the documentation at https://www.serverless.com/framework/docs/providers/aws/events/apigateway/#enabling-cors I should be able to add multiple origins to the cors definition:

          cors:
             origins:
                - http://example.com
                - http://example2.com

and then mentioned that a response template will be used to return the correct one in the Access-Control-Allow-Origin header. However, when I do this I simply get both values returned and the browser throws a fit.

Is the response template not automatically generated? Should I add it myself to serverless.yaml? Is there an example somewhere I can have a look at?

Thanks,
Eddie

1 Like

I worked on that issue and the following lines worked for me:

cors:
origin: “https:// www . example . com,https:// example . com,https:// dev . example . com”
headers:
- Accept
- Referer
- Session-Token
- User-Agent
- X-XSRF-TOKEN
allowCredentials: true

But the third origin (https:// dev . example . com) throws me a CORS error. The first two origins worked well.

(I have putted spaces between URLs because as a new user I’m not allowed to put URLs)

Hope it helps

Hi, no answers to that please ? No one know how to solve that ?

ShowBox Tutuapp Mobdro

I ran into a similar problem using AWS API Gateway and enabling multiple origins. I found that even though the “Access-Control-Allow-Origin” header in Header Mappings inside the Integrated Response indicates that only one domain was applied, you have to scroll down to the Mapping Templates section and click on the application/json Content-Type to see that the logic contains all of the domains listed under origins in your yaml file.

      - http:
          method: get
          path: /test
          cors:
            origins: 
              - https://abc3.com
              - https://abc4.com
            allowCredentials: true

Wow I didn’t know this is possible. so what to do if the mapping code is not there? Is there a way to set it up in the serverless.yaml so that it gets version controlled and automatically sat?