Blog

CORS on AWS Lambda and API Gateway: integration vs Lambda proxy

API Gateway can inject CORS for REST APIs, while Lambda URL or Function URLs may require explicit header logic in code.

Published: 2025-04-18Updated: 2025-06-021 min read

awsserverlesscors

Gateway-managed CORS

Enable CORS in API Gateway for known origins and methods, then verify OPTIONS routes return 200 with the expected headers.

When Lambda returns errors, ensure API Gateway error responses still include CORS headers or browsers will surface opaque failures.

Automate curl tests against deployed stages with Origin and preflight probes for each method you expose.

Log header names and values in CloudWatch for a sample request to catch double headers after refactors.