Allow custom cors headers to be supplied via serverless.yml

Whoaa512 · Whoaa512 · commit 861947665ae6 · 2017-01-04T14:50:55.000-08:00
diff --git a/README.md b/README.md
@@ -108,6 +108,19 @@ custom:
 
 You can find an example setups in the [`examples`](./examples) folder.
 
+### Custom CORS headers when serving locally
+You can add custom allowed CORS headers using the `custom` section in the `serverless.yml`.
+These will get appended to the normal set of headers (`Authorization`, `Content-Type`, `x-amz-date`, `x-amz-security-token`)
+and sent when using the local `serverless webpack serve` command.
+
+```yaml
+# serverless.yml
+custom:
+  allowedCorsHeaders:
+    - X-My-Auth-Token
+    - X-My-Api-Host
+```
+
 ## Usage
 
 ### Automatic bundling
diff --git a/lib/serve.js b/lib/serve.js
@@ -93,10 +93,15 @@ module.exports = {
   },
 
   _handlerAddCors(handler) {
+    const customHeaders = (
+      this.serverless.service.custom &&
+      this.serverless.service.custom.allowedCorsHeaders
+    ) || [];
+    const allowedCorsHeaders = ['Authorization,Content-Type,x-amz-date,x-amz-security-token'].concat(customHeaders).join(',');
     return (req, res, next) => {
       res.header('Access-Control-Allow-Origin', '*');
       res.header('Access-Control-Allow-Methods', 'GET,PUT,HEAD,PATCH,POST,DELETE,OPTIONS');
-      res.header('Access-Control-Allow-Headers', 'Authorization,Content-Type,x-amz-date,x-amz-security-token');
+      res.header('Access-Control-Allow-Headers', allowedCorsHeaders);
       handler(req, res, next);
     };
   },
