CORS

Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser.

Step-by-step directions

Step 1: Go back to AWS Amplify console, Select your web app: WildRydes security

Step 2: Go to the website, navigate to /signin.html security

Step 3: Choose a location and Click Request Unicorn. Make sure it still works. cloud.vn

Step 4: Go to AWS Lambda. Find RequestUnicorn function. Replace lambda_handler with the following code

def lambda_handler(event,context):
    try:

        if not event['requestContext'].get('authorizer'):
            return error_response('Authorization not configured',context.aws_request_id)

        ride_id = str(uuid.uuid4())
        
        print(ride_id)
        
        username = event['requestContext']['authorizer']['claims']['cognito:username']
        
        request_body = json.loads(event['body'])
        
        pick_up_location = request_body['PickupLocation']
        
        unicorn = find_unicorn(pick_up_location)
        
        record_ride(ride_id, username, unicorn)
        
        return {
            "isBase64Encoded": False,
            "statusCode": 201,
            "headers": {
                "Content-Type": "application/json",
                "X-Requested-With": '*',
                "Access-Control-Allow-Headers": '*',
                "Access-Control-Allow-Origin": 'example.com', #ChangeHere
                "Access-Control-Allow-Methods": '*'
            },
            "body": json.dumps(
                {
                    "RideID":ride_id,
                    "Unicorn":unicorn,
                    "UnicornName":unicorn['Name'],
                    "Eta":"30 seconds",
                    "Rider":username            
                }
            ,ensure_ascii=False)
        } 

    except Exception as e:    
        print(e)

Step 5: Go back to WildRydes page. You should not be able to RequestUnicorn. If you press F12, there is a notification that CORS policy has not passed your domain

cloud.vn