I ended up implementing CORS manually myself. Essentially a cors request is a OPTIONS call to your server with your url before the actual POST/GET request. So I just applied this rule to capture all OPTIONS requests:
- alb:
listenerArn: !Ref ALBListener
priority: 1
conditions:
path: /*
method:
- OPTIONS
The handler function would then return headers with cors info:
callback(null, {
statusCode: 200,
statusDescription: ‘OK’,
isBase64Encoded: false,
headers: {
‘Content-Type’: ‘application/json’,
‘Access-Control-Allow-Origin’: ‘’,
‘Access-Control-Allow-Headers’: '’,
‘Access-Control-Allow-Methods’: ‘*’
}
});
Obvs in production you probably want to not have so many wildcards. I think also in every response in other requests I had to include these headers to make everything work.