http.cors.enabled: true
http.cors.allow-origin: "*"