I setup AWS API Gateway with CORS successfully, when a request is valid I have a 200 status code and also CORS headers, that's nice.
But when AWS API Gateway Request Validator detects an invalid input, I have the status code is 400 but CORS headers are not sent...
That's really unfortunate, because the client sees a CORS errors instead of a real 400 error (for exemple with fetch the client is not able to distinguish 400 errors because of CORS errors).
This question may be related to Get detailed error messages from AWS API Gateway Request Validator
I came to this answer through a discussion about using serverless to deploy CORS services and dealing with errors thrown from API Gateway: https://github.com/serverless/serverless/issues/3896#issuecomment-333910525
Basically, you need to go to API Gateway, select your API, then select Gateway Responses. You can then add headers for any 4XX or 5XX response.
This will allow 400 errors thrown from API Gateway to work with CORS, since you're adding the needed headers here.
来源:https://stackoverflow.com/questions/48710640/enable-cors-when-using-aws-api-gateway-request-validator