Cors on first app

Serverless Framework
1

I’m just building my first app with serverless on aws and I’m stuck on cors… I’m sure I’m doing something wrong.

This is my serverless.yml:
service: cgipub
frameworkVersion: ‘3’
provider:
name: aws
runtime: python3.9
stage: dev
region: us-west-2
iamRoleStatements:
- Effect: “Allow”
Action:
- “dynamodb:Query”
- “dynamodb:Scan”
- “dynamodb:GetItem”
- “dynamodb:PutItem”
- “dynamodb:UpdateItem”
Resource: “arn:aws:dynamodb:${self:provider.region}:*:table/UsersTable”
functions:
env:
handler: test.env
events:
- httpApi:
path: /env
method: get
cors: true
plugins:

  • serverless-python-requirements

here is my javascript call where base_url is the url of the aws endpoint (ie xxxxxx.execute-api.us-west-2.amazonaws.com):

function make_api_call(func, data, callback) {
var url = ‘https://’ + cgipubconf[‘base_url’] + ‘/’ + func;
$.ajax({
type: “GET”,
url: url,
data: data,
success: function (response) {
callback(response);
},
error: function (response) {
console.log("Error: " + response);
},
});
}

I’m sure it’s something dumb, but what am I missing here? I plan to use this particular endpoint across SEVERAL different domain names each needs to call it. I tried just cnaming the deployed endpoint but then the ssl doesn’t match.

2

ccan’t seem to delete the thread, so the answer was in my return headers, I had to allow cores inside my code, here is an example I got from chatgpt that I modified and it solved my issue:

def lambda_handler(event, context):
# Extract the origin of the request
origin = event[‘headers’].get(‘origin’, ‘’)

# Define a list of allowed origins
allowed_origins = ['http://www.doomsdaydomination.com', 'http://www.example.com']

# Check if the request origin is in the list of allowed origins
if origin in allowed_origins:
    cors_headers = {
        'Access-Control-Allow-Origin': origin,
        'Access-Control-Allow-Credentials': 'true' # if your application uses credentials
    }
else:
    cors_headers = {
        'Access-Control-Allow-Origin': 'https://example.com', # Default or error origin
        'Access-Control-Allow-Credentials': 'true'
    }

# Your function logic here

return {
    'statusCode': 200,
    'headers': cors_headers,
    'body': json.dumps({'message': 'Hello from Lambda!'})
}