Specifies Cross-Origin Resource Sharing (CORS) rules for your server.
If omitted, defaults are typically very restrictive (often no cross-origin requests). Configure carefully if you want to allow usage from browsers hosted on other domains.
CorsConfig()Optional. List of allowed origins (e.g., "https://example.com").
Default is often an empty list (no external origins). Use "*" only if you trust all origins, as that bypasses most restrictions.
Optional. HTTP methods permitted for cross-origin requests (e.g. ["GET", "POST"]).
Default might be ["GET", "POST", "OPTIONS"] depending on your server framework.
Optional. HTTP headers that can be used in cross-origin requests (e.g. ["Content-Type", "Authorization"]).
Optional. If True, cross-origin requests can include credentials (cookies, auth headers).
Default False to avoid accidentally exposing secured endpoints to untrusted sites.
Optional. A regex pattern for matching allowed origins, used if you have dynamic subdomains.
Example: "^https://.*.mycompany.com$"
Optional. List of headers that browsers are allowed to read from the response in cross-origin contexts.
Optional. How many seconds the browser may cache preflight responses.
Default might be 600 (10 minutes). Larger values reduce preflight requests but can cause stale configurations.