Flaskでresponse headerを設定したい。

アプリケーションからFlask APIにGET処理(with cookie)を行いたいのですが、どうしてもcorsでエラーが出てしまいます。

Access to fetch at 'https://flask-api.herokuapp.com/api/works' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

このようにAPI側にレスポンスヘッダーに中にAccess-Control-Allow-Credentialsをtrueにしろと言われているのですが、うまく行きません
下記にflask APIのコードを示します。どのようにレスポンスヘッダーを指定すればいいのでしょうか？

from flask import *
import os
import requests
from bs4 import BeautifulSoup
from flask_cors import CORS, cross_origin
import time

app = Flask(__name__)
CORS(app)
letus = "https://hoge.com"

def Get_Works(cookie):
    session = requests.session()
    headers = {'Cookie': cookie}
    print(headers)
    res = session.post(letus, headers=headers)
    data = {}

    content = BeautifulSoup(res.content, 'html.parser')
    events = content.find_all("div", class_="event")
    subjects = []


    for i, event in enumerate(events):
        wrap = event.text.strip().split("\n")
        subject = {
            "url": event.a['href'],
            "name": wrap[0],
            "limit": wrap[1],
        }
        subjects.append(subject)
    data["subjects"] = subjects
    return data


@app.route("/api/works", methods=["GET"])
def F_works():
    headers = request.headers
    print(headers)
    cookie = headers.get('Cookie')
    print("cookie")
    print(cookie)
    if not cookie:
        return {}
    print(cookie)
    data = Get_Works(cookie)
    return data


if __name__ == '__main__':
    app.run(host="0.0.0.0", port=int(os.environ.get("PORT", 5000)))