If you deploy a Serverless Framework Java Lambda to AWS and attempt to call it locally while developing your frontend, you’ll run into a CORS error like this:
Access to XMLHttpRequest at 'https://abc.execute-api.us-west-1.amazonaws.com/some/api' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Posts suggest to set a cors option under the event in your serverless.yaml like this:
events: - http: path: handlerPath method: post cors: origin: '*'
… but in current versions of Serverless this results in an error like this:
Serverless: at 'functions['example'].events[0].httpApi': unrecognized property 'cors'
From this post, it mentions the cors options has moved up into the provider section:
provider: name: aws runtime: java8 lambdaHashingVersion: 20201221 httpApi: cors: true
This is in the docs here.
This works great!
What does this option do? It looks like it sets these options in API Gateway: