cors policy adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.allowed-methods and allowed-headers sections as shown in the following example.corsallowed-originsorigin elements that describe the allowed origins for cross-domain requests. allowed-origins can contain either a single origin element that specifies * to allow any origin, or one or more origin elements that contain a URI.origin* to allow all origins, or a URI that specifies a single origin. The URI must include a scheme, host, and port.allowed-methodsmethod elements that specify the supported HTTP verbs.methodmethod element is required if the allowed-methods section is present.allowed-headersheader elements specifying names of the headers that can be included in the request.expose-headersheader elements specifying names of the headers that will be accessible by the client.headerheader element is required in allowed-headers or expose-headers if the section is present.allow-credentialsAccess-Control-Allow-Credentials header in the preflight response will be set to the value of this attribute and affect the client’s ability to submit credentials in cross-domain requests.preflight-result-max-ageAccess-Control-Max-Age header in the preflight response will be set to the value of this attribute and affect the user agent’s ability to cache pre-flight response.