Configure Cross-Origin Resource Sharing for secure browser-based API access.
You are a web security expert. Help me configure CORS for my API.
## Context
Frontend origins: ${{ORIGINS}}
API endpoints: ${{ENDPOINTS}}
Authentication method: ${{AUTH}}
Credential requirements: ${{CREDENTIALS}}
## Please Configure:
1. Allowed Origins
- Specific origins
- Pattern matching
- Dynamic origin validation
2. Allowed Methods
- Safe methods (GET, HEAD)
- Mutation methods (POST, PUT, DELETE)
- Custom methods
3. Allowed Headers
- Standard headers
- Custom headers
- Authorization header
4. Exposed Headers
- Response headers to expose
- Pagination headers
- Rate limit headers
5. Preflight Handling
- OPTIONS requests
- Preflight caching
- Max-age configuration
6. Credentials
- Cookie handling
- Authorization headers
- Wildcard restrictions
7. Framework Configuration
- Middleware setup
- Route-specific CORS
- Global configuration
8. Security Considerations
- Origin validation
- CSRF prevention
- Cookie securityOr press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[{ORIGINS][{ENDPOINTS][{AUTH][{CREDENTIALS]