This function shows how to handle preflight CORS requests that will be sent by a browser when invoking a function.
The example uses totally permissive, open CORS, you may want to modify this to make it more secure.
This example assumes you are familiar with how serverless functions work. If needed, you can check Scaleway's official documentation
This example uses the Scaleway Serverless Framework Plugin. Please set up your environment with the requirements stated in the Scaleway Serverless Framework Plugin before trying out the example.
Additionnaly it uses the serverless-functions-node library for local testing.
The function of the example allows most CORS requests. For more documentation on how to control access for CORS requests, see HTTP response headers
Once your environment is set up, you can run:
npm install
NODE_ENV=test node handler.jsThis will launch a local server, allowing you to test the function. For that, you can run in another terminal:
The result should be similar to:
HTTP/1.1 200 OK
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
access-control-expose-headers: *
content-type: text/plain
content-length: 35
Date: Mon, 17 Apr 2023 07:03:06 GMT
Connection: keep-alive
Keep-Alive: timeout=72
server: envoy
This is allowing most CORS requestsYou can also check the result of your function in a browser. It should be "This is allowing most CORS requests".
Finally, if the test succeeded, you can deploy your function with:
serverless deployThen, from the given URL, you can run:
# Options request
curl -i -X OPTIONS <function URL>
# Get request
curl -i -X GET <function URL>When invoking this function, the output should be similar to the one obtained when testing locally.