Cannot return CORS header

I’m trying to re-use a function I already deployed in a new app. When testing on localhost I encounter CORS issues (as one would :blush:), so I tried adding redirects and headers to the netlify.toml of the original app:

  functions = "./functions"
  command = "yarn run build"
  publish = "public"

  from = "/feedback"
  to = "/.netlify/functions/feedback"
  status = 200

  # Define which paths this specific [[headers]] block will cover.
  for = "/feedback"
    Access-Control-Allow-Origin = "*"

However, I can verify that while the app still works, the Access-Control-Allow-Origin is not returned (tried calling it with Postman: results came back, header didn’t). I tried adding several other headers to test, even tried for = "/*" - to no avail.

What am I missing? How can I return the proper CORS header for my function?


Hi @Niceguy955,

You’ll not be able to add response headers to a function response using a custom header rule. You’ll want to do that directly from your function. Something like:

exports.handler = function(event, context, callback) {
    callback(null, {
    statusCode: 200,
    body: "Hello, World",
    headers: {"Access-Control-Allow-Origin": "*"}

Thanks Dennis! A bit after I posted this, I tried manually adding the header to the function code, like you suggested), and indeed it worked!