From 38ec6248faa871ec6b53532f2078faea12419e34 Mon Sep 17 00:00:00 2001 From: Jon Fairbanks Date: Mon, 14 Oct 2024 22:10:47 -0700 Subject: [PATCH] Fix CORS headers --- .tf/main.tf | 3 ++- server/index.ts | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.tf/main.tf b/.tf/main.tf index 20384dd..555421b 100644 --- a/.tf/main.tf +++ b/.tf/main.tf @@ -188,6 +188,7 @@ resource "aws_api_gateway_method_response" "yo_api_catch_all_method_response" { resource_id = aws_api_gateway_resource.yo_api_catch_all.id http_method = aws_api_gateway_method.yo_api_catch_all_method.http_method status_code = "200" + response_parameters = { "method.response.header.Access-Control-Allow-Origin" = true } @@ -222,7 +223,7 @@ resource "aws_api_gateway_integration_response" "yo_api_catch_all_integration_re status_code = "200" response_parameters = { - "method.response.header.Access-Control-Allow-Origin" = "'*'" # TODO: specify a domain here instead of "*" + "method.response.header.Access-Control-Allow-Origin" = "integration.response.header.Access-Control-Allow-Origin" } response_templates = { diff --git a/server/index.ts b/server/index.ts index 454b628..5324e90 100644 --- a/server/index.ts +++ b/server/index.ts @@ -107,8 +107,19 @@ export const handler = async ( } // Pass the event and context to the serverless app - const response = await serverlessApp(event, context); - return response; + const response: any = await serverlessApp(event, context); + + const headers = { + ...response?.headers || {}, + 'Access-Control-Allow-Origin': '*', // TODO: specify a domain instead of '*' + 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS', + 'Access-Control-Allow-Headers': 'Content-Type, Authorization', + }; + + return { + ...response, + headers, + }; } catch (error) { console.error('Error handling the request:', error); // Log the error return {