Cors in cakephp 3.6

behavior

#1

I am using cors for my app with Cakephp 3.6
I am writing this in AppContoller.php
So that all my API is allowed on other host requests.
use Cake\Event\Event;
use App\Model\Entity\Users as UsersEntity;
use Cake\Http;
use Cake\Http\CorsBuilder;

public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->response->cors($this->request)
             ->allowOrigin(['*'])
             ->allowMethods(['GET', 'POST'])
             ->allowHeaders(['Content-Type','X-CSRF-Token','Authorization'])          
             ->maxAge(172800)
             ->build();

    }

Is this Correct ? Then why this is not working?
Thanks