The issue with your code is that Access-Control-Allow-Origin
doesn't accept multiple domains.
From this answer:
Sounds like the recommended way to do it is to have your server read
the Origin header from the client, compare that to the list of domains
you'd like to allow, and if it matches, echo the value of the Origin
header back to the client as the Access-Control-Allow-Origin header in
the response.
So, when writing support to the OPTIONS verb, which is the verb where the browser will preflight a request to see if CORS is supported, you need to write your Lambda code to inspect the event
object to see the domain of the client and dynamically set the corresponding Access-Control-Allow-Origin
with the domain.
In your question, you have used a CORS configuration for two different types: Lambda and Lamba-Proxy. I recommend that you use the second option, so you will be able to set the domain dynamically.
headers: {
"Access-Control-Allow-Origin" : myDomainValue
},
See more about CORS configuration in the Serverless Framework here.