Returns a CORS interceptor that allows calls from the specified allowed-origins, which is one of the following:

• a sequence of strings
• a function of one argument that returns a truthy value when an origin is allowed
• a map

For a map, the expected keys are:

• :allowed-origins - either sequence of strings or a function as above
• :creds - true or false, indicates whether client is allowed to send credentials
• :max-age - a long, indicates the number of seconds a client should cache the response from a preflight request
• :methods - a string, indicates the accepted HTTP methods. Defaults to “GET, POST, PUT, DELETE, HEAD, PATCH, OPTIONS”

An interceptor that provides a default origin header as a blank string, if not supplied in the incoming request.

This is used in development, and added by default by the dev-interceptors function.