allowedOrigins property
One or more response headers that you want users to be able to access from
their applications (for example, from a JavaScript
XMLHttpRequest object).
Each CORS rule must have at least one AllowedOrigins element.
The string value can include only one wildcard character (), for example,
http://.example.com. Additionally, you can specify only one wildcard
character to allow cross-origin access for all origins.
Implementation
final List<String> allowedOrigins;