CORS error when sending wrong api-key

Hi,

We have an API that uses x-api-key (private: true) and CORS. CORS works fine in all cases other than when the user sends a bad API key. In that case we observe that the CORS headers are not present. Since the API key is validated by the Gateway and not our code, I am not sure what we can do to fix that. Any suggestions?

So I figured out how to set this manually. Is there a way to do it from the Serverless Framework?
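
One way to express this in `serverless.yml`, as an added example that is not part of the original post: a CloudFormation `AWS::ApiGateway::GatewayResponse` resource attaches CORS headers to the 4XX responses that API Gateway generates itself, which includes the 403 returned for a rejected API key. It assumes a REST API created by the Serverless Framework (logical ID `ApiGatewayRestApi`); the service name, function, path and origin `https://app.example.com` are constructed placeholders.

```yaml
service: example-api            # constructed placeholder name

provider:
  name: aws

functions:
  getItems:                     # constructed placeholder function
    handler: handler.getItems
    events:
      - http:
          path: items
          method: get
          private: true         # API Gateway checks x-api-key before the Lambda runs
          cors:
            origin: 'https://app.example.com'
            headers:
              - Content-Type
              - X-Api-Key

resources:
  Resources:
    # Responses produced by API Gateway itself never reach the function,
    # so the CORS headers have to be declared on the gateway response.
    GatewayResponseDefault4XX:
      Type: AWS::ApiGateway::GatewayResponse
      Properties:
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: ApiGatewayRestApi
        ResponseParameters:
          # Static values are wrapped in single quotes inside the YAML string.
          # Pin the origin the browser client is served from instead of '*'.
          gatewayresponse.header.Access-Control-Allow-Origin: "'https://app.example.com'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Api-Key'"
```

With this deployed, a request carrying a wrong key still gets the 403, but the browser can read it as an API error instead of reporting a CORS failure.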