We have a bunch of API endpoints set up in serverless.yml
that need to support CORS.
This configuration works:
functions:
function1:
handler: api.refresh
events:
- http:
path: function1
method: post
cors:
origin: '*'
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
But that means we need to duplicate the list of our custom CORS headers for each function - potentially dozens of places we need to update this as soon as we add a new header.
How do we specify the allowed CORS headers once and have them apply to all functions? Ideally we could also automatically make all functions have CORS enabled at the same time.