Example of CORS headers for API Gateway with Authorization and Cookies

cors.json

{
    "Access-Control-Allow-Headers":
        "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token, Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Credentials, Cookie, Set-Cookie",
    "Access-Control-Allow-Origin":  "*", 
    "Access-Control-Allow-Methods": "POST, OPTIONS, GET",
    "Access-Control-Allow-Credentials": true 
}