Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser.

Step-by-step directions

Step 1: Go back to AWS Amplify console, Select your web app: WildRydes security

Step 2: Go to the website, navigate to /signin.html security

Step 3: Choose a location and Click Request Unicorn. Make sure it still works.

Step 4: Go to AWS Lambda. Find RequestUnicorn function. Replace lambda_handler with the following code

def lambda_handler(event,context):

        if not event['requestContext'].get('authorizer'):
            return error_response('Authorization not configured',context.aws_request_id)

        ride_id = str(uuid.uuid4())
        username = event['requestContext']['authorizer']['claims']['cognito:username']
        request_body = json.loads(event['body'])
        pick_up_location = request_body['PickupLocation']
        unicorn = find_unicorn(pick_up_location)
        record_ride(ride_id, username, unicorn)
        return {
            "isBase64Encoded": False,
            "statusCode": 201,
            "headers": {
                "Content-Type": "application/json",
                "X-Requested-With": '*',
                "Access-Control-Allow-Headers": '*',
                "Access-Control-Allow-Origin": '', #ChangeHere
                "Access-Control-Allow-Methods": '*'
            "body": json.dumps(
                    "Eta":"30 seconds",

    except Exception as e:    

Step 5: Go back to WildRydes page. You should not be able to RequestUnicorn. If you press F12, there is a notification that CORS policy has not passed your domain