Support Forums

Cors issue with lambda from dev to netlify cross domain

Is it possible to send a fetch request cross domain to a netlify lambda function I get the following error

Access to fetch at ‘https://website-dev.netlify.app/.netlify/functions/stripe-checkout-session-fix’ from origin ‘http://dev.website.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

This is my webhook


const stripe = require("stripe")(process.env.REACT_APP_STRIPE_API_SECRET)
const validateCartItems = require("use-shopping-cart/src/serverUtil")

exports.handler = async (event, context) => {
  try {
    const productJSON = JSON.parse(event.body)


    var test = Object.entries(productJSON)[0][1]


    var values = productJSON.values

    const session = await stripe.checkout.sessions.create({
      payment_method_types: ["card"],
      billing_address_collection: "auto",
      shipping_address_collection: {
        allowed_countries: ["CA"],
      success_url: `${process.env.URL}/success`,
      cancel_url: `${process.env.URL}/cancelled`,
      line_items: test,
      mode: "payment",
      metadata: values,


    return {
      statusCode: 200,
      body: JSON.stringify({ sessionId: session.id }),
      headers: {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Headers": "Content-Type",
        "Access-Control-Allow-Methods": "GET, POST",
  } catch (err) {
    return { statusCode: 500, body: err.toString() }

and I have a netlify.toml file

  functions ="functions/"

  # Define which paths this specific [[headers]] block will cover.
  for = "/*"
    Access-Control-Allow-Origin = "*"

Thanks in advance

A post was merged into an existing topic: Is it possible to fetch a netlify function from another domain