feat: enhance CORS configuration with customizable headers and methods

src/main/resources/application.yaml

@@ -371,6 +371,27 @@ hapi:
       allow_Credentials: true
       allowed_origin:
         - "*"
+      # Optional overrides. If omitted, built-in defaults are used.
+      # allowed_headers:
+      #   - Origin
+      #   - Accept
+      #   - Content-Type
+      #   - Authorization
+      #   - Cache-Control
+      #   - If-Match
+      #   - If-None-Match
+      # exposed_headers:
+      #   - Location
+      #   - Content-Location
+      #   - ETag
+      # allowed_methods:
+      #   - GET
+      #   - POST
+      #   - PUT
+      #   - DELETE
+      #   - OPTIONS
+      #   - PATCH
+      #   - HEAD
 
     # -------------------------------------------------------------------------------
     # L. Search Orchestration