I am using AWS::Serverless::Api.
Providing multiple origins through the Cors.AllowOrigin property results in an invalid Access-Control-Allow-Origin header being received by the browser.
The documentation suggests that multiple origins are supported : https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-corsconfiguration.html
When i have the following in my template :
AllowOrigin: "'http://origin-1,http://origin-2'"
The server returns :
Access-Control-Allow-Origin: http://origin-1,http://origin-2
Which is invalid according to the CORS specification.
SAM needs to return only one origin in the Access-Control-Allow-Origin header, namely the one that matches the Origin request header.
I am using
AWS::Serverless::Api.Providing multiple origins through the
Cors.AllowOriginproperty results in an invalidAccess-Control-Allow-Originheader being received by the browser.The documentation suggests that multiple origins are supported : https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-corsconfiguration.html
When i have the following in my template :
The server returns :
Which is invalid according to the CORS specification.
SAM needs to return only one origin in the
Access-Control-Allow-Originheader, namely the one that matches theOriginrequest header.