CORS problem with AWS SAM, Cognito and Api Gateway

I have created a Lambda function with event type Api. I am also using Cognito Authorizer. Now I want to enable CORS for this Api. My code is like this -

SAM Template:

AWSTemplateFormatVersion: '2010-09-09'  Transform: AWS::Serverless-2016-10-31  Description: >    core test    Globals:    Function:      Timeout: 5      MemorySize: 128    Parameters:    Version:      Type: String      Default: prod    AdminStackName:      Description: Test stack.      Type: String      MinLength: 1      MaxLength: 255      AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"      Default: test-stack        Resources:    BEApi:      Type: AWS::Serverless::Api      Properties:        Name: core-test        StageName: !Ref Version        Cors:          AllowMethods: "'DELETE,GET,OPTIONS,POST,PUT'"          AllowHeaders: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"          AllowOrigin: "'https://www.test-cors.org/'"            AllowCredentials: True        Auth:          Authorizers:            CognitoAuthorizer:              UserPoolArn:                 Fn::ImportValue:                  Fn::Sub: "${AdminStackName}-BEUserPoolArn"       CoreFunction:      Type: AWS::Serverless::Function       Properties:        CodeUri: src/core        Handler: core        Runtime: go1.x        Tracing: Active         Policies: AmazonDynamoDBReadOnlyAccess        Events:          CatchAll:            Type: Api             Properties:              Path: /api/core              Method: GET              RestApiId: !Ref BEApi              Auth:                Authorizer: CognitoAuthorizer   

Simple Golang lambda handler:

 func ApiResponse(status int, body interface{}) (events.APIGatewayProxyResponse, error) {      resp := events.APIGatewayProxyResponse{}      resp.StatusCode = status      resp.Headers = map[string]string{          "Access-Control-Allow-Origin":      "https://www.test-cors.org/",          "Access-Control-Allow-Headers":     "origin,Accept,Authorization,Content-Type,X-Amz-Date,X-Api-Key,X-Amz-Security-Token",          "Access-Control-Allow-Methods":     "DELETE,GET,OPTIONS,POST,PUT",          "Content-Type":                     "application/json",          "Access-Control-Allow-Credentials": "true",      }      stringBody, _ := json.Marshal(body)      resp.Body = string(stringBody)      return resp, nil  }    func handler(request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {        // simple success response       var pc be.PaymentInfo      pc.CID = "success message"        return ApiResponse(http.StatusOK, &pc)  }    func main() {      lambda.Start(handler)  }  

Postman is showing all the headers of response

When I test it in

https://www.test-cors.org/

It is showing error:

API gateway looks like this:

I have no Idea why I am getting this error. I want to know do I need to create a separate handler for OPTIONS method also? Any help is much appreciated.

OPTIONS Integration Response

https://stackoverflow.com/questions/65589235/cors-problem-with-aws-sam-cognito-and-api-gateway January 06, 2021 at 10:08AM