To enhance browser security, you are planning to enable CORS. To enable CORS on a resource using API gateway for GET method, which of the following action needs to be performed for all types of response except 200 response in case of Lambda custom integration?

Answer options:

A.Backend devices will be responsible to return Access-Control-Allow-Origin` header with `*` or specific origins to fulfil pre-flight handshakes.
B.An OPTIONS method is added to the resource which is automatically configured to return the three Access-Control-Allow-* headers to fulfil pre-flight handshakes.
C.Check if all Methods are added in “AllowMethods” along with GET.
D.Manually configure to return Access-Control-Allow-Origin` header with `*` or specific origins to fulfil pre-flight handshakes.

Correct Answer – D
While enabling CORS on resources using API Gateway, for all responses apart from 200 responses of the OPTIONS method, we need to manually configure to return Access-Control-Allow-Origin` header with `*` or specific origins to fulfill pre-flight handshakes.
Option A is incorrect as this is valid only for Lambda Proxy integration & not for Lambda custom integration.
Option B is incorrect as this is set only for the 200 responses of the Options method. For all other methods, we need to manually configure to return Access-Control-Allow-Origin` header with `*` or specific origins to fulfill pre-flight handshakes.
Option C is incorrect as even though this is set, we will also need to Manually configure to return Access-Control-Allow-Origin` header with `*` or specific origins to fulfill pre-flight handshakes.
For more information on enabling CORS for an API Gateway, refer to the following URL-
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html