The Vercel platform allows developers to specificy headers when using Serverless Functions, this can be done with minimal knowledge of the language being used.

Understanding CORS

Before enabling this feature for your website, it is important to understand what "Cross-Origin Resource Sharing" is. It is highly recommended that you take a look at the following articles:

Enabling CORS on a Deployment

Once you understand what CORS is and the potential risks of enabling it, you can do so by following this Node.js example:

const allowCors = fn => async (req, res) => {
  res.setHeader('Access-Control-Allow-Credentials', true)
  res.setHeader('Access-Control-Allow-Origin', '*')
  // another option
  // res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
  res.setHeader('Access-Control-Allow-Methods', 'GET,OPTIONS')
    'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version'
  if (req.method === 'OPTIONS') {
  return await fn(req, res)

const handler = (req, res) => {
  const d = new Date()

module.exports = allowCors(handler)

An example of implementing CORS using Node.js.

In this example, the allowCors function acts as a wrapper, enabling CORS for the Serverless Function passed to it. This is a common pattern when using middleware in Serverless Functions and can be applied to multiple scenarios.

Alternatively, you can use the headers configuration to enable CORS in multiple paths.