CORS defeats AWS LAMBDA :(

问题

I've been reading a lot on CORS/Lambda/AWS API Gateway configuration, including AWS's setup help: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html And this great article: https://serverless.com/framework/docs/providers/aws/events/apigateway/

However, CORS is still defeating my API Gateway / Lambda function and I can't figure it out. Would love some help.

The meat of it seems to be that API Gateway proxies the request onto Lambda and you need to set "Access-Control-Allow-Origin": "*" headers in your Lambda function in addition to enabling CORS in the API Gateway, which I've done. I am getting a 200 response and can see the header being sent back correctly from my Lambda function. However, Chrome/FF still give me a CORS error. Any idea why?

Here are my request headers:

Host: myawshost.execute-api.us-west-2.amazonaws.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: application/json, text/javascript Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Origin: null DNT: 1 Connection: keep-alive

And the 200 response headers:

Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 74 Content-Type: application/json Date: Fri, 23 Dec 2016 08:35:02 GMT ...

That all looks nice and successful right? But yet, I get no JSON back from Lambda and this error message in console:

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://myawshost.execute-api.us-west-2.amazonaws.com/prod/view?id=272. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). (unknown)"

But Access-Control-Allow-Origin is not missing! I can see it there in the response.

Any thoughts?