Cross Origin Resource Sharing defines a protocol by which resources on different domains may establish whether cross site operations are permissible.
Sparta makes CORS support a single
CORSEnabled field of the API struct:
// Register the function with the API Gateway apiStage := sparta.NewStage("v1") apiGateway := sparta.NewAPIGateway("SpartaHTML", apiStage) // Enable CORS s.t. the S3 site can access the resources apiGateway.CORSEnabled = true
Setting the boolean to
true will add the necessary
OPTIONS and mock responses to all resources exposed by your API. See the SpartaHTML sample for a complete example.
Sparta provides two ways to customize the CORS headers available:
- Via the apigateway.CORSOptions field.
- Customization may use the S3Site.CloudformationS3ResourceName to get the WebsiteURL value so that the CORS origin options can be minimally scoped.