Blog

AWS Amplify Hosting: SPA rewrites, custom headers, and API proxy CORS alignment

amplify.yml customHeaders can set CORS on static assets; API Gateway behind proxy must echo the same Allow-Origin policy.

Published: 2026-05-14Updated: 2026-05-161 min read

awsamplifycors

Monorepos

Multiple frontends in one app may need per-branch subdomain mapping—document which origin each API allows.

SSR frameworks on Amplify may need different headers than pure static S3 sync.

Cognito hosted UI redirects must align with OAuth callback origins configured in the user pool.

Amplify JS SDK calls still require correct CORS on API Gateway or AppSync.