A company hosts an unauthenticated static website at www.example.com using Amazon S3 and Amazon CloudFront with AWS WAF configured. The website includes a user registration form that, upon submission, calls an Amazon API Gateway endpoint to invoke an AWS Lambda function for processing and forwarding the payload to an external API. During testing, a solutions architect encounters a CORS error and confirms that the CloudFront origin has the Access-Control-Allow-Origin header set to www.example.com. What action should the solutions architect take to resolve the CORS error?