# help
a
Hi friends! Having a few issues with some CORS stuff. I have an API through SST at api.example.com and a web page at example.com. I have a few routes set up, and for the most part everything works fine. However, specifically PATCH and PUT requests from the web page to the SST API fail the CORS preflight request. DELETE works fine, however, which weirded me out a bit. If there's any blatantly obvious thing I'm missing, that would be a huge help! I do have an OPTIONS route set up as well that returns an access-control header, and on the API construct I have the cors options with the allowed methods and the allowed origins array, with https://example.com in the allowed origins.
r
Are you returning the CORS headers in all your responses?
a
So my api construct has
cors: {
        allowOrigins: [`${process.env.DASH_URI!}`],
        allowCredentials: true,
      },
And both the options handler and the PATCH handler have
headers: {
          "Access-Control-Allow-Origin": process.env.DASH_URI!,
          "Access-Control-Allow-Credentials": true,
        }
in their responses, so yes, I think I am?
It's just super weird to me that only patch and put are failing the CORS check, but no other request types are
r
Are your allowedMethods set up correctly in SST? I.e.
cors: {
        allowHeaders: [' your headers'],
        allowOrigins: ['your origins'],
        allowMethods: [CorsHttpMethod.GET, CorsHttpMethod.POST, CorsHttpMethod.DELETE, CorsHttpMethod.PATCH, CorsHttpMethod.OPTIONS],
      },
a
I have the allowedMethods in there, though I don't have allowHeaders
Not really sure which headers I would need to allow though
So after removing and redeploying completely it works now 😂
r
Weird. For headers we specify
['X-Amz-Date', 'Authorization', 'X-Api-Key', 'X-Amz-Security-Token', 'X-Amz-User-Agent', 'content-type'];
a
Yeah that was very odd, but I'm just happy it's working now. Just as a quick side question while I have you, is there any way to speed up the requests when in dev mode? On a prod deployment everything runs super fast, but while in dev all my api requests take 1-3 seconds to complete
Is that just a limitation of the ws proxy, or something to do with how the lambdas are run locally?