No 'Access-Control-Allow-Origin' header is present on the requested resource with CORS module enabled

Question

I am trying to get CORS working on my AWS Lambda server using Serverless. Right now I have two sub-domains (api.site.co and app.site.co).

In my app.js file on Express, I have installed CORS and enabled it like such:

app.use(
  cors({
    origin: 'https://app.site.co',
    optionsSuccessStatus: 200,
  }),
);
app.options('*', cors());

And then using the Axios module in React, I make this call:

axios
   .post('/users/register', user)
   .then(res => history.push('/login'))
   .catch((err) => {
     dispatch({
       type: GET_ERRORS,
       error: err.response.data,
     });
   });

Also, in my app.js file for the client app:

axios.defaults.baseURL = 'https://api.site.co';

When submitting any request, I receive this error:

Access to XMLHttpRequest at 'https://api.site.co/users/register' from origin 'https://app.site.co' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

So, far I have also tried changing my CORS configuration to:

app.use(cors());
app.options('*', cors());

But I am still getting the same error.

Any suggestions on how to address this?

Answer 1

This was a problem with the AWS Lambda Serverless setup. I needed to add

functions:
  app:
    handler: app.handler
    events:
      - http:
          path: /
          method: any
          cors:
            origin: 'https://app.site.co'
      - http:
          path: '{proxy+}'
          method: any
          cors:
            origin: 'https://app.site.co'

So that it would allow CORS requests when proxying to the Express middleware.

Answer 2

Looks like there is a typo:

https://app.site.co/users/register => https://api.site.co/users/register

You're making a request to https://api.site.co but your configuration specifies https://app.site.co