Can't get past CORS errors

I have tried everything to get past CORS errors, but I am still getting Request header field Cache-Control is not allowed by Access-Control-Allow-Headers in preflight response.

I’ve trie the default cors: true but it had no effect. Here’s my current serverless.yml:

signedPolicy: handler: functions/assets/signedPolicy.signedPolicy events:`Preformatted text` - http: path: api/assets/signedPolicy method: post cors: origins: - '*' headers: - Cache-Control - X-Requested-With - Content-Type - X-Amz-Date - Authorization - X-Api-Key - X-Amz-Security-Token - Access-Control-Allow-Origin - Access-Control-Allow-Credentials authorizer: arn:aws:cognito-idp:us-west-2:883959493850:userpool/us-west-2_F2GUdhdLr

This thread might be related No 'Access-Control-Allow-Origin' header is present on the requested resource

You might need to set these headers on your UNATHORIZED response https://github.com/serverless/examples/blob/master/aws-node-auth0-custom-authorizers-api/serverless.yml#L36-L55

Thanks - i do have that in my serverless.yml. I believe this is actually a cloudfront problem. I just changed it to whitelist headers and pass through these CORS headers. We’ll see if that helps…