Improvement: CORS headers

[jandusek]

I'd be great if CORS headers returned by the local server were set to the same values used by Twilio Runtime once deployed:

access-control-allow-origin: *
access-control-allow-methods: GET, PUT
access-control-max-age: 3000

This would make for a more consistent testing experience.

Something like this might even possibly suffice, although I'm not sure if Functions should be treated differently than Assets.

--- dist/runtime/server.js
+++ dist/runtime/server.js
@@ -45,6 +45,12 @@
         app.use(express_useragent_1.default.express());
         app.use(body_parser_1.default.urlencoded({ extended: false }));
         app.use(body_parser_1.default.json());
+        app.use(function (req, res, next) {
+            res.header("Access-Control-Allow-Origin", "*");
+            res.header("Access-Control-Allow-Methods", "GET, PUT");
+            res.header("Access-Control-Max-Age", "3000");
+            next();
+        });
         app.get('/favicon.ico', (req, res) => {
             res.redirect('https://www.twilio.com/marketing/bundles/marketing/img/favicons/favicon.ico');
         });

[welcome]

Thank you so much for opening your first issue in this project! We'll try to get back to it as quickly as possible. While you are waiting...here's a random picture of a corgi (powered by dog.ceo)

[dkundel]

I didn't realize that those headers were set by default. I'm happy to merge this in if you want to create a PR for it :) that code seems to be sufficient!

[philnash]

Surely Functions doesn't set CORS headers by default. I thought to do CORS you needed to construct your own Response object?

[jandusek]

I also don't think Functions set it, but Assets do. I'm not sure how to best separate the two paths though. Any ideas?

[philnash]

Oh, assets do?! I should take a closer look!

[dkundel]

In that case we should make sure we only set them for assets. It might be worth circling back with the Functions team though to make sure in which cases explicitly these headers are set.

[ShelbyZ]

As an outsider - the headers are never present on a Twilio function. A developer needs to design their function to handle both OPTIONS (provide headers and respond with 2xx) and VERB (respond with same plus any additional headers, execute the actual code, and return relevant results).

[dkundel]

Yeah that's what I experienced as well but apparently assets are dealing with it differently.