open fun allowedHeaders(vararg headers: String): CorsRegistration
Set the list of headers that a pre-flight request can list as allowed for use during an actual request.
The special value "*" may be used to allow all headers.
A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma as per the CORS spec.
By default all headers are allowed.