# CORS

The CORS section defines the CORS policy for your application.

* `allow_origins`: Specifies which origins are allowed.
* `allow_methods`: Lists the HTTP methods allowed.
* `allow_headers`: Headers that are allowed in requests.
* `expose_headers`: Headers that are exposed in responses.
* `allow_credentials`: Indicates whether credentials are supported.
* `max_age`: Specifies the cache duration for preflight requests.

**Example**

```
"cors": {
    "allow_origins": [
        "https://example.com",
        "https://example2.com"
    ],
    "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE"
    ],
    "allow_headers": [
        "Content-Type",
        "Authorization"
    ],
    "expose_headers": [
        "Content-Type",
        "Authorization"
    ],
    "allow_credentials": true,
    "max_age": 86400
}
```

<br>