I am running a HTTP lambda through serverless - I have set up cors using serverless.
For the majority of users - there’s no issue.
For a very small percentage of users - the request following the OPTIONS call is not returning access-control-allow-origin.
It has a successful preflight, that returns access-control-allow-origin - but the POST request following doesn’t return access-control-allow-origin - causing a CORS error.
For the users it doesn’t work for - no matter if they change computer or network - it still happens - and it’s always the same users.
What can affect returning an access-control-allow-origin? I’ve looked through the HAR files and for the 98% of users it works for and the 2% it doesn’t - the requests and responses look the same apart from access-control-allow-origin missing in the POST request after OPTIONS
Happy to send over the HAR files if that would help