Builds a CORS interceptor that allows calls from the specified allowed-origins, which is one of the following:

• a sequence of strings

• a function of one argument that returns a truthy value when an origin is allowed

• a map containing the following keys and values

:allowed-origins - either sequence of strings or a function as above

:creds - true or false, indicates whether client is allowed to send credentials

:max-age - a long, indicates the number of seconds a client should cache the response from a preflight request

:methods - a string, indicates the accepted HTTP methods. Defaults to “GET, POST, PUT, DELETE, HEAD, PATCH, OPTIONS”