Support cors
#449
Comments
|
One thing that bothers me about the trait is that there's just one Additionally, it requires hardcoding the full domain name (& port as well as protocol, which are also part of the origin) - in my view that's not going to go well together with things like deploying to multiple environments (even just test/prod). We should probably raise this in the upstream. |
|
For example, http4s supports a list of allowed origins:
so that when you make a request from one of them, it'll be returned in the allowed origin header. I believe that's a pretty common pattern even outside of http4s. |
This is one of the things I'm really not willing to provide OOTB support for, because it can be supported by http4s-level middleware easily in third-party code/userland. See the http4s docs. Moreover, as @kubukoz states, the cors trait ain't as flexible as it should, so providing OOTB support would be lacking. What we can do however is document how to retrieve hints from services (both in a polymorphic and monomorphic manner), and document an example of doing that for wiring a CORS middleware. |
|
Issue opened upstream : smithy-lang/smithy#1396 |
|
Opened #456 to document how to implement such a thing on your own until the issue is fixed upstream |
|
Gonna close this, the documentation on how to enable CORS is enough. |
Some users have requested the ability to generate the code to support CORS. This trait currently is not taken in consideration by the
simpleRestJsonprotocol.https://awslabs.github.io/smithy/2.0/spec/http-bindings.html?highlight=cords#cors-trait
The text was updated successfully, but these errors were encountered: