spring-framework / org.springframework.web.bind.annotation / CrossOrigin / allowCredentials

allowCredentials

val allowCredentials: String

Whether the browser should include any cookies associated with the domain of the request being annotated. Be aware that enabling this option could increase the attack surface of the web application (for example, by exposing sensitive user-specific information such as CSRF tokens).

Setting this to "true" means that the pre-flight response will include the header Access-Control-Allow-Credentials=true, so such cookies should be included.

If undefined or set to "false", this header is not included and credentials are not allowed.
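
The two settings described above, side by side in one controller. This is an added example, not code from the Spring Framework documentation; the controller, paths, cookie name, sample data and the origin https://app.example.com are assumptions made for illustration.

```kotlin
// Added example. AccountController, /api paths, the SESSION cookie name,
// the in-memory session table and https://app.example.com are constructed.
import org.springframework.web.bind.annotation.CookieValue
import org.springframework.web.bind.annotation.CrossOrigin
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController

@RestController
@RequestMapping("/api")
class AccountController {

    // Constructed sample data standing in for a real session store.
    private val sessions = mapOf("s-123" to "alice")

    // Credentialed cross-origin access. allowCredentials = "true" puts
    // Access-Control-Allow-Credentials=true on the pre-flight response, so the
    // browser sends the session cookie with the cross-origin request.
    // The response is user-specific, so the allowed origin is pinned to the
    // single front end that needs it instead of being left open.
    @CrossOrigin(origins = ["https://app.example.com"], allowCredentials = "true")
    @GetMapping("/profile")
    fun profile(
        @CookieValue(name = "SESSION", required = false) session: String?
    ): Map<String, String> {
        val user = session?.let { sessions[it] } ?: return mapOf("user" to "anonymous")
        return mapOf("user" to user)
    }

    // Public, non-user-specific data. allowCredentials is set to "false"
    // explicitly, so the header is not included and credentials are not
    // allowed; nothing tied to a cookie can be read from another origin here.
    @CrossOrigin(allowCredentials = "false")
    @GetMapping("/status")
    fun status(): Map<String, String> = mapOf("status" to "ok")
}
```

Endpoints that return CSRF tokens or other per-user values are the ones to review first whenever `allowCredentials = "true"` appears on them.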