CORS not working for multiple methods on same endpoint #1960
Description
Serverless Framework Version:
1.0.0-beta.2
Operating System:
OSX 10.11.6
Expected Behavior:
OPTIONS request on endpoint returns Access-Control-Allow-Methods header with all configured methods enabled
Actual Behavior:
OPTIONS request on endpoint returns Access-Control-Allow-Methods header with only the method that is defined last in serverless.yml
Our serverless.yml config has the following function defined:
functions:
blog:
handler: blog/posts/handler.handler
events:
- http:
path: posts
method: get
cors: true
- http:
path: posts
method: post
cors: true
- http:
path: posts/{id}
method: put
cors: true
- http:
path: posts/{id}
method: delete
cors: trueWhen requesting OPTIONS from the endpoint, only the DELETE method is listed as allowed:
curl -vv -X OPTIONS https://.....amazonaws.com/dev/posts/1234
->
..
< HTTP/1.1 200 OK
..
< Access-Control-Allow-Methods: OPTIONS,DELETE
..
TLDR:
CORS is not functioning properly when enabled for multiple methods on the same endpoint.
Discussion:
So it seems like only the latter definition for posts/{id} is valid for CORS. The actual PUT method does still work though. We also tried commenting out the definition for DELETE method and then the request for OPTIONS returned response with OPTIONS,PUT in the header.
Is there an error in our way of configuring or is it possibly a bug?
EDIT: fixed incorrect serverless version