AllowedOrigins is a list of origins a cross-domain request can be executed from. If the special "" value is present in the list, all origins will be allowed. An origin may contain a wildcard () to replace 0 or more characters (i.e.: http://.domain.com). Usage of wildcards implies a small performance penalty. Only one wildcard can be used per origin. Default value is [""]
AllowedMethods is a list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (HEAD, GET and POST).
AllowedHeaders is list of non simple headers the client is allowed to use with cross-domain requests. If the special "*" value is present in the list, all headers will be allowed. Default value is  but "Origin" is always appended to the list.
ExposedHeaders indicates which headers are safe to expose to the API of a CORS API specification
MaxAge indicates how long (in seconds) the results of a preflight request can be cached
AllowCredentials indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.
OptionsPassthrough instructs preflight to let other potential next handlers to process the OPTIONS method. Turn this on if your application handles OPTIONS.
Provides a status code to use for successful OPTIONS requests. Default value is http.StatusNoContent (204).