You can configurate the cors service in config/cors.php with the following parameters:
- allow_origins:
A list of all allowed origins in format
schema://domain.tld. - max_age: Time specification in seconds, how long the browser may hold the cache result.
- allow_credentials: It is allowed to forward credentials? See Access-Control-Allow-Credentials on developer.mozilla.org