Builds a CORS interceptor that allows calls from the specified `allowed-origins`, which is one of the following:
- a sequence of strings
- a function of one argument that returns a truthy value when an origin is allowed
- a map containing the following keys and values
:allowed-origins - either sequence of strings or a function as above
:creds - true or false, indicates whether client is allowed to send credentials
:max-age - a long, indicates the number of seconds a client should cache the response from a preflight request
:methods - a string, indicates the accepted HTTP methods. Defaults to "GET, POST, PUT, DELETE, HEAD, PATCH, OPTIONS"