open fun allowCredentials(allowCredentials: Boolean): CorsRegistration
Whether user credentials are supported. Be aware that enabling this option could increase the surface attack of the web application (for example via exposing sensitive user-specific information like CSRF tokens).
By default credentials are not allowed.