Amplify app triggering CORS error after changing domain

Question

Hello everyone,
we have an Amplify app that was originally configured for a certain domain. Everything works fine when using that domain, but we needed to change it to a different one.
Frontend works fine under the new domain, but the backend (which is an EC2 instance behind a Load Balancer) seems not to be sending any longer the CORS headers, as the browser shows an error related to that. We changed the subdomain of the backend too, to have a consistent configuration for the Load Balancer's listeners' SSL certificates.

I noticed though that even when turning off the EC2 instance, the browser still receives the same error, so does not seem something related to the configuration running on the server inside the EC2 instance.
I looked into the API Gateway (and by the way, no endpoint provided by the EC2 server is connected directly to the API Gateway), the Load Balancer's listeners and Cloud Front, but nothing points at a lack of configuration for the new domain we decided to use...

Any hints where I should be looking? If we revert back to the old domain, everything works.

Answer

The web service running on the EC2 instances is using an endpoint to make its services available to calling clients.  Whatever you are using to create these endpoints typically has a CORS on/off setting.  Additionally, there is usually a policy associated with this setting that lists what origins are allowed to call the web service.  This list of domains is configured somewhere in the code or a config file.  What the service endpoint on the ec2 instance receives a request, it will check its CORS domain list and only send a CORS header for that specific domain if it is in the list.  Here is a link to how you [enable CORS in ASP.Net Core](https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-7.0).  It may be similar for the language you are using.

Amplify app triggering CORS error after changing domain

Relevant content