Application Load Balancer CORS

Hi, we’re using an AWS ALB (application load balancer) to orchestrate access to some preexisting services of ours which are running in AWS ESC containers. I now wanted to add a serverless node.js application for a few new endpoints and just “hook” it into the ALB. That works fine when I access the api via postman, but if I try accessing this new endpoint from the frontend I get CORS issues. All the help-articles I found so far are about how to enable CORS with the AWS ApiGateway, using serverless with an ALB already seems like quite an exotic setup and I find just little information on it in general :frowning: .
If I try to set the CORS headers in the serverless handlers, the ALB will respond with a 502 BAD GATEWAY response, indicating it didn’t like what the lambda returned. The ALB also doesn’t seem to support the “cors: true”-setting for the yml-files. Am I doing anything wrong here?

I ended up implementing CORS manually myself. Essentially a cors request is a OPTIONS call to your server with your url before the actual POST/GET request. So I just applied this rule to capture all OPTIONS requests:
- alb:
listenerArn: !Ref ALBListener
priority: 1
path: /*
The handler function would then return headers with cors info:
callback(null, {
statusCode: 200,
statusDescription: ‘OK’,
isBase64Encoded: false,
headers: {
‘Content-Type’: ‘application/json’,
‘Access-Control-Allow-Origin’: ‘’,
‘Access-Control-Allow-Headers’: '
‘Access-Control-Allow-Methods’: ‘*’
Obvs in production you probably want to not have so many wildcards. I think also in every response in other requests I had to include these headers to make everything work.