No 'Access-Control-Allow-Origin' header is present on the requested resource

I deployed a server running Express.js to Netlify.
Now I make a request (from another URL) to an API endpoint on the server and get the error “Access to XMLHttpRequest at ‘serverURL/endpoint’ from origin ‘clientURL’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

Here's my server.js:

// Express app wrapped with serverless-http so it can run as a single function.
// NOTE(review): several lines of this listing were lost when the post was
// rendered (closing braces, the route registration, the request field read
// into date, the response calls). The comments below cover only what is visible.
const express = require("express");
const serverless = require("serverless-http");
const cors = require('cors')
const bodyParser = require('body-parser');

const app = express();
const router = express.Router();
// Placeholder for the MongoDB connection string. The real value carries
// credentials, so it should come from an environment variable set in the
// deploy settings rather than from a literal committed with the code.
const uri = "MONGOURI"
// Only URL-encoded bodies are parsed; no JSON body parser is registered here.
// With extended set to true a form body can carry nested objects, not only
// flat strings, which matters for any value later used as a query filter.
app.use(bodyParser.urlencoded({ extended: true }));

var mongoose = require('mongoose');
// The connection is started once, when the module is loaded.
mongoose.connect(uri, {useUnifiedTopology: true, useNewUrlParser: true, useCreateIndex: true});
// Document shape: two string fields. The closing of this schema literal is
// missing from the post.
var dateSchema = new mongoose.Schema({
    date: String,
    positions: String
var dateModel = mongoose.model('date', dateSchema);
// The start of the route registration is missing from the next line; what
// remains is the path, the cors middleware and the handler.
// cors() with no options answers with a wildcard Access-Control-Allow-Origin,
// so any origin may read the response. If only the known client should call
// this endpoint, pass an origin option naming that client.
// NOTE(review): cors is attached to this one route only. If the browser sends
// a preflight OPTIONS request, nothing visible here answers it; registering
// cors with app.use before the router would cover every method. Confirm
// against the full file.
var db = mongoose.connection;'/getPositions', cors(),  (req, res) => {
    // The right-hand side was lost. If it is read from the request it is
    // untrusted: check that it is a plain string before using it as a filter
    // value, so a nested object cannot be passed in as a query operator.
    var date =;
    // Both listeners are registered inside the handler, that is on every
    // request, so error listeners accumulate on the shared connection.
    db.on('error', function(error) {
    // NOTE(review): the open event presumably fires once per connection. On a
    // reused function instance the connection is already open, so a listener
    // added now would never run and no response would be sent. The platform
    // error that follows would not carry the header set by cors, which would
    // match the first request after a deploy working and later ones failing.
    // Running the query directly in the handler avoids the dependency on that
    // event. Confirm with the function logs.
    db.once('open', function() {
        // Looks up a single document whose date field equals the requested value.
        dateModel.findOne({ date: date }).exec(function (err, doc) {
            // The error branch and the response calls are not visible. Every
            // branch has to send a response, otherwise the request hangs.
            if(err) {

// All router paths are served under the function base path.
app.use("/.netlify/functions/api", router)

// Export the wrapped app as the function handler.
module.exports.handler = serverless(app);


# Deploy configuration as pasted in the post.
# NOTE(review): the table headers that group these keys appear to have been
# lost when the post was rendered. In a netlify.toml the keys below would
# normally sit under [build], [[redirects]], [[headers]] and [headers.values].

# Directory that holds the function source.
functions = "functions"

  # Rewrite: every path is served the single-page app entry file with status 200.
  from = "/*"
  to = "/index.html"
  status = 200

  # Header rule for every path.
  # The wildcard lets any origin read responses that carry this header. If only
  # one client should have access, name that origin instead.
  # NOTE(review): per the reply further down, header rules declared here are
  # not the way to set headers on function responses; the function has to
  # return the header itself.
  for = "/*"
    Access-Control-Allow-Origin = "*"


  Access-Control-Allow-Origin: *

What is especially strange is that the very first request I make after I re-deploy the server works; from the second one on, it seems to be broken.
Thank you in advance :slight_smile:


Rather than adding that header via _headers, you should return custom headers from within your function. I see you’re already using the cors library. Can you share the URL for the function?