Working with Serverless / AWS Lambda #14

Open
@oliviermills

For those implementing a variation of this using AWS and having issues with HttpOnly cookies and CORS, here are some tips:

  1. Server-side: Make sure to set your cookie with HttpOnly; SameSite=None; Secure
  2. Server-side: Make sure you return a header Access-Control-Allow-Origin with a specific value, NOT "*"
  3. Server-side: With your Serverless config, make sure your /login and /refresh-token functions' cors value includes a specific origin (same as above) as well as a headers array including "Access-Control-Allow-Credentials", not just the API Gateway defaults. This is so you can set withCredentials on the client side
  4. Client-side: Set axios to have withCredentials: true
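
The server-side tips above, combined into one API Gateway proxy response for /login. This is an added example, not code from the issue or the project; the origin `https://app.example.com`, the cookie name `refresh_token`, the `Path`/`Max-Age` attributes and all function names are assumptions.

```javascript
// Constructed values: the allowed origin and cookie name are placeholders.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// CORS headers for a credentialed request. Browsers refuse "*" when
// cookies are sent, so echo the request origin only if it is allow-listed.
function corsHeaders(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return null;
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response for another origin
  };
}

// Cookie for the refresh token: unreadable from JS (HttpOnly), HTTPS only
// (Secure), and sent on cross-site requests (SameSite=None requires Secure).
function refreshCookie(token, maxAgeSeconds) {
  return [
    `refresh_token=${encodeURIComponent(token)}`,
    'HttpOnly', 'Secure', 'SameSite=None',
    'Path=/', `Max-Age=${maxAgeSeconds}`, // assumed scope and lifetime
  ].join('; ');
}

// Response body for the /login Lambda (proxy integration). Assumption: every
// caller is a browser on an allow-listed origin, so anything else gets a 403
// and no cookie is issued.
function loginResponse(event, token) {
  const reqHeaders = event.headers || {};
  const cors = corsHeaders(reqHeaders.origin || reqHeaders.Origin);
  if (!cors) {
    return { statusCode: 403, headers: {}, body: JSON.stringify({ ok: false }) };
  }
  return {
    statusCode: 200,
    headers: {
      ...cors,
      'Set-Cookie': refreshCookie(token, 7 * 24 * 60 * 60),
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ ok: true }),
  };
}
```

The browser only stores and replays this cookie when the client request is made with `withCredentials: true`, as in tip 4.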
