Hi team, I’m working on a project which uses HTTP4K and we have a need to enable CORS on our service. Our service lives in multiple environments, and has multiple domains in each environment which we’d like to whitelist so they can access it; resulting in all other domains being rejected. CORS feels like the right solution here, but please say if it isn’t. Regardless, we noticed something which we’d like to discuss with you - the CorsPolicy class expects a list of origins

data class CorsPolicy(val origins: List<String>

, however using a list of more than one value results in an error in the browser (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed). We’ve seen the original spec for CORS and it says that a list of origins is expected, however it isn’t supported, so I’m wondering if that’s what’s happening here. it’s tough to say because of the circumstances, but is this a bug in HTTP4K?