Issue
- If any origin is allowed to access the resource (Access-Control-Allow-Origin: *), the CORS request still fails.
- Steps to reproduce:
1. Start Liferay DXP 7.4 U90
2. Navigate to Control Panel > Instance Settings > Security Tools > CORS > Edit.
3. Set Access-Control-Allow-Origin to *
4. Call any OOTB GET API. To do this, open Postman, send the request (http://localhost:8080/o/headless-delivery/v1.0/sites/20119/blog-posting-images), open Code (right side) and copy the JavaScript XHR snippet.
5. Open google.com, open the browser console and paste the code.
Expected Behavior: The API response should be returned, since all origins were allowed to access the resource.
Actual Behavior: The following error appears in the console: Access to XMLHttpRequest at 'http://localhost:8080/o/headless-delivery/v1.0/sites/20119/blog-posting-images' from origin 'https://www.google.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Environment
- Liferay DXP 7.4
Resolution
- The preflight request fails because of the Authorization header: the browser asks permission to send it, and the CORS configuration does not list it in Access-Control-Allow-Headers. Add the following to the CORS configuration:
Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
- Also make sure the API endpoint is added to the CORS configuration (for example, /o/headless-delivery/*).
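The following is an added example, not Liferay code: a simplified model of the browser's preflight check, run against three constructed server responses (no CORS headers as in the console error above, a wildcard Access-Control-Allow-Headers, and the header list from this resolution). It assumes the XHR sends an Authorization header and goes slightly beyond the article by showing that a `*` wildcard in Access-Control-Allow-Headers does not cover Authorization.

```javascript
// Added example (not Liferay code): a simplified model of the browser's CORS
// preflight check, showing why the XHR in this article is blocked and why
// listing Authorization in Access-Control-Allow-Headers fixes it.
// Request headers a browser may send without server permission (CORS-safelisted).
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

function parseList(value) {
  return (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// preflight = { origin, headers[] }: what the browser asks for in its OPTIONS request.
// response  = header map the server returned for that OPTIONS request (names are
// case-insensitive, so they are lower-cased here).
// Returns { ok, reason }, with reason worded like the browser's console message.
function checkPreflight(preflight, response) {
  const resp = Object.fromEntries(Object.entries(response).map(([k, v]) => [k.toLowerCase(), v]));
  const allowOrigin = resp['access-control-allow-origin'];
  if (!allowOrigin) {
    return { ok: false, reason: "No 'Access-Control-Allow-Origin' header is present on the requested resource." };
  }
  if (allowOrigin !== '*' && allowOrigin !== preflight.origin) {
    return { ok: false, reason: `Origin ${preflight.origin} is not allowed by Access-Control-Allow-Origin.` };
  }
  const allowHeaders = parseList(resp['access-control-allow-headers']);
  for (const name of preflight.headers.map((h) => h.toLowerCase())) {
    if (SAFELISTED.has(name)) continue;
    // A '*' wildcard in Access-Control-Allow-Headers never covers Authorization.
    const byWildcard = allowHeaders.includes('*') && name !== 'authorization';
    if (!byWildcard && !allowHeaders.includes(name)) {
      return { ok: false, reason: `Request header field ${name} is not allowed by Access-Control-Allow-Headers in preflight response.` };
    }
  }
  return { ok: true, reason: 'preflight passed' };
}

// Constructed preflight for the article's XHR: a GET carrying an Authorization header.
const PREFLIGHT = { origin: 'https://www.google.com', headers: ['Authorization', 'Accept'] };
// Constructed responses. BROKEN mirrors the console error in this article (no CORS
// headers on the preflight); WILDCARD shows '*' alone is not enough for Authorization;
// FIXED uses the header list from the Resolution section.
const BROKEN = {};
const WILDCARD = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': '*' };
const FIXED = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization',
};
for (const [label, resp] of [['BROKEN', BROKEN], ['WILDCARD', WILDCARD], ['FIXED', FIXED]]) {
  console.log(label, checkPreflight(PREFLIGHT, resp).reason);
}
```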