How to configure CORS for an AWS API Gateway Custom Authorizer?


I have an API powered by API Gateway and Lambda that uses a custom authorizer.

For successful requests, it passes through the authorizer and then my Lambda can return proper responses with CORS headers with no problems.

However, for unsuccessful authorizations (eg. invalid tokens), I get no CORS headers and that causes my client app (which uses fetch API) to throw.

How do I setup CORS for an API that uses a custom authorizer?


Based from this answer and this AWS documentation page, I was able to figure out how to solve it.

The solution is to add the following in my serverless.yml:

Leave a Reply