go - CORS problem with AWS SAM, Cognito and Api Gateway

Question

I have created a Lambda function with event type Api. I am also using Cognito Authorizer. Now I want to enable CORS for this Api. My code is like this -

SAM Template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  core test

Globals:
  Function:
    Timeout: 5
    MemorySize: 128

Parameters:
  Version:
    Type: String
    Default: prod
  AdminStackName:
    Description: Test stack.
    Type: String
    MinLength: 1
    MaxLength: 255
    AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
    Default: test-stack
    
Resources:
  BEApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: core-test
      StageName: !Ref Version
      Cors:
        AllowMethods: "'DELETE,GET,OPTIONS,POST,PUT'"
        AllowHeaders: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
        AllowOrigin: "'https://www.test-cors.org/'"  
        AllowCredentials: True
      Auth:
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: 
              Fn::ImportValue:
                Fn::Sub: "${AdminStackName}-BEUserPoolArn" 

  CoreFunction:
    Type: AWS::Serverless::Function 
    Properties:
      CodeUri: src/core
      Handler: core
      Runtime: go1.x
      Tracing: Active 
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        CatchAll:
          Type: Api 
          Properties:
            Path: /api/core
            Method: GET
            RestApiId: !Ref BEApi
            Auth:
              Authorizer: CognitoAuthorizer 

Simple Golang lambda handler:

 func ApiResponse(status int, body interface{}) (events.APIGatewayProxyResponse, error) {
    resp := events.APIGatewayProxyResponse{}
    resp.StatusCode = status
    resp.Headers = map[string]string{
        "Access-Control-Allow-Origin":      "https://www.test-cors.org/",
        "Access-Control-Allow-Headers":     "origin,Accept,Authorization,Content-Type,X-Amz-Date,X-Api-Key,X-Amz-Security-Token",
        "Access-Control-Allow-Methods":     "DELETE,GET,OPTIONS,POST,PUT",
        "Content-Type":                     "application/json",
        "Access-Control-Allow-Credentials": "true",
    }
    stringBody, _ := json.Marshal(body)
    resp.Body = string(stringBody)
    return resp, nil
}

func handler(request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {

    // simple success response 
    var pc be.PaymentInfo
    pc.CID = "success message"

    return ApiResponse(http.StatusOK, &pc)
}

func main() {
    lambda.Start(handler)
}

Postman is showing all the headers of response

When I test it in

https://www.test-cors.org/

It is showing error:

API gateway looks like this:

I have no Idea why I am getting this error. I want to know do I need to create a separate handler for OPTIONS method also? Any help is much appreciated.

OPTIONS Integration Response

Answer 1

等待大神答复