# Cross-origin (CORS) policy for the application, consumed by NelmioCorsBundle.
nelmio_cors:
  defaults:
    # Entries in allow_origin are matched as regular expressions, not as
    # literal origins.
    origin_regex: true

    # Environment-driven origin list (currently disabled):
    # allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
    # With origin_regex on, the content of CORS_ALLOW_ORIGIN is evaluated as a
    # regex as well: anchor it with ^ and $ and escape the dots, otherwise it
    # can match look-alike hosts.
    #
    # Value in effect: the local-testing pattern. It admits http or https
    # origins on localhost / 127.0.0.1, on any port, and nothing else.
    # NOTE(review): this looks like a development setting - confirm that
    # deployed environments override it or use the env-driven line above.
    allow_origin:
      - '^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'

    allow_methods:
      - 'GET'
      - 'OPTIONS'
      - 'POST'
      - 'PUT'
      - 'PATCH'
      - 'DELETE'

    # '*' accepts whatever request headers the preflight asks for. If the API
    # only needs a known set, listing them explicitly narrows what a
    # cross-origin script may send.
    allow_headers:
      - '*'

    # Lets browser scripts on an allowed origin read the Authorization
    # response header.
    expose_headers:
      - 'Authorization'

    # Credentialed requests (cookies, HTTP auth) are permitted for allowed
    # origins, so allow_origin is the trust boundary for authenticated calls.
    allow_credentials: true

    # Preflight responses may be cached by the browser for one hour.
    max_age: 3600

  paths:
    # Every path uses the defaults above; no per-path overrides.
    '^/': null