(allow-origin allowed-origins)

Builds a CORS interceptor that allows calls from the specified allowed-origins, which is one of the following:

  • a sequence of strings

  • a function of one argument that returns a truthy value when an origin is allowed

  • a map containing the following keys and values

:allowed-origins - either sequence of strings or a function as above

:creds - true or false, indicates whether client is allowed to send credentials

:max-age - a long, indicates the number of seconds a client should cache the response from a preflight request

:methods - a string, indicates the accepted HTTP methods. Defaults to “GET, POST, PUT, DELETE, HEAD, PATCH, OPTIONS”