The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Enable CORS (Cross-Origin-Resource-Sharing) request handling.