Cors on first app

I’m just building my first app with serverless on aws and I’m stuck on cors… I’m sure I’m doing something wrong.

This is my serverless.yml:
service: cgipub
frameworkVersion: ‘3’
name: aws
runtime: python3.9
stage: dev
region: us-west-2
- Effect: “Allow”
- “dynamodb:Query”
- “dynamodb:Scan”
- “dynamodb:GetItem”
- “dynamodb:PutItem”
- “dynamodb:UpdateItem”
Resource: “arn:aws:dynamodb:${self:provider.region}:*:table/UsersTable”
handler: test.env
- httpApi:
path: /env
method: get
cors: true

  • serverless-python-requirements

here is my javascript call where base_url is the url of the aws endpoint (ie

function make_api_call(func, data, callback) {
var url = ‘https://’ + cgipubconf[‘base_url’] + ‘/’ + func;
type: “GET”,
url: url,
data: data,
success: function (response) {
error: function (response) {
console.log("Error: " + response);

I’m sure it’s something dumb, but what am I missing here? I plan to use this particular endpoint across SEVERAL different domain names each needs to call it. I tried just cnaming the deployed endpoint but then the ssl doesn’t match.

ccan’t seem to delete the thread, so the answer was in my return headers, I had to allow cores inside my code, here is an example I got from chatgpt that I modified and it solved my issue:

def lambda_handler(event, context):
# Extract the origin of the request
origin = event[‘headers’].get(‘origin’, ‘’)

# Define a list of allowed origins
allowed_origins = ['', '']

# Check if the request origin is in the list of allowed origins
if origin in allowed_origins:
    cors_headers = {
        'Access-Control-Allow-Origin': origin,
        'Access-Control-Allow-Credentials': 'true' # if your application uses credentials
    cors_headers = {
        'Access-Control-Allow-Origin': '', # Default or error origin
        'Access-Control-Allow-Credentials': 'true'

# Your function logic here

return {
    'statusCode': 200,
    'headers': cors_headers,
    'body': json.dumps({'message': 'Hello from Lambda!'})