Enabling CORS for an OpenWhisk Web Action

This post is more than 2 years old.

Here's a quick tip for you. If you are building an OpenWhisk action you plan on exposing as a web action, most likely you'll want to look into enabling CORS so you can call your code from JavaScript on the front-end. Since Web Actions can return both a result and headers, this is trivial to do. Here is a simple example.

function main(args) {

    if(!args.name) args.name = 'Nameless';
	let result = {
		string:'Hello '+args.name

	return {
		headers: { 
		body: new Buffer(JSON.stringify(result)).toString('base64')


There's two things to make note of here. First, obviously, is the Access-Control-Allow-Origin header. I'm using * which means it can be called from anywhere, but I could lock that down if I chose.

Finally, when you return your data you have to base64 encode it. So the body key handles doing all of that after I've created my result value as I like.

The end result then is a simple endpoint I can hit from some client-side code:

.then(function(res) {

I also think it would be valid to build this as a sequence. So you could have webFoo being the action, comprised of a sequence of foo + webify (or some such) where foo represents the real business logic and webify handles the 'complex' output required to return the result.

Thank you to @akrabat on the OpenWhisk Slack for helping me figure this out!

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by rr posted on 4/18/2017 at 2:39 PM

> I also think it would be valid to build this as a sequence.

That's the right idea: separation of concerns! This will easily be the winning strategy when the business logic becomes part of a more canonical flow that incorporates authorization and authentication. The value in some middlewares like in Express is making some of these compositions easier and this is also one of our goals with OpenWhisk.

Comment 2 (In reply to #1) by Raymond Camden posted on 4/18/2017 at 2:43 PM

Good to know I'm (slowly) getting into the 'right kind' of thinking here.

Hell, I'll post a followup tomorrow with a demo, cuz why not? :)