Enabling CORS in API Gateway Requires Method Response
You can enable CORS in API Gateway through AWS Console with few simple clicks:
However there are some restrictions regarding when you can invoke this. You need to remember that all this function is doing is just adding some headers like Access-Control-Allow-(Headers|Methods|Origin) to your API Gateway response.
To do this, it needs to modify the “Method Response” section of your resource. If you won’t have any response definition then this will simply not work and fail immediately.
In this case, you need to define a default response for your call. Enter your resource, then “Method Response” and you should see something like on this screenshot:
If you’ll create response with HTTP code 200 you should be able to use “Enable CORS” functionality now.
Note for Lambda users: Remember that if you’re using a resource that is invoking underlying AWS Lambda using Lambda Proxy you can’t expect it to automatically modify the “Integration Response” section (i.e. transformation of response from your Lambda invocation).
In case of Lambda Proxy integration - this part is fully under your lambda implementation control.