CORS

[justgigio]

• We need to be able to configure CORS with env vars
• We need to fix CORS headers for error responses

[justgigio]

#26

[jansegre]

I'm OK with this task, as long as it solves any actual problem we're having right now.

Otherwise I think we're looking at CORS the wrong way. We have no reason to make it application specific (confirmed by the fact the we're setting it to a static header, it doesn't take any input into account to produce a different value), and as such it should be a deploy setup problem (API Gateway has setup options for CORS, otherwise if we use a CloudFront in front of the API, it also has CORS setup options, and if we opt to use a single domain, which I think we should, than we don't need CORS).

Am I missing something? @luislhl @pedroferreira1 @giovanecosta

[luislhl]

I'm OK with this task, as long as it solves any actual problem we're having right now.

Otherwise I think we're looking at CORS the wrong way. We have no reason to make it application specific (confirmed by the fact the we're setting it to a static header, it doesn't take any input into account to produce a different value), and as such it should be a deploy setup problem (API Gateway has setup options for CORS, otherwise if we use a CloudFront in front of the API, it also has CORS setup optons, and if we opt to use a single domain, which I think we should, than we don't need CORS).

Am I missing something? @luislhl @pedroferreira1 @giovanecosta

Yeah, I think your reasoning about CORS not being a application concern makes sense.