When invoking a custom endpoint you may receive the below error:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
LAC versions up to 4.0 does not allow for extraneous headers to fully support this type of CORS request.
Starting with LAC 4.1, you have complete flexibility to handle CORS in any way you want.