CORS: Cross-domain requests - CSRF - Cross Site Request Forgery PROTECTION

http-cors.txt

Debugging: chrome://net-internals/#events

Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: 'Content-type, Authorization'
Access-Control-Allow-Origin: $ORIGIN

$ORIGIN = if(inWhitelist(requestOriginHeader) return requestOriginHeader

// Se esta na whitelist entao meter esse domain la
// Incluir ports no Allow Origin Header!!!