We are adding CORS support to the existing built-in services for metrics, health, and OpenAPI. Users have asked specifically for Helidon OpenAPI to spuport CORS because of applications or sites like Swagger U/I. It seems reasonable that there might be sites or apps that act as front ends for the metrics or health information for one or more apps.
By default metrics, health, and OpenAPI will support CORS with these settings:
allow-methods: ["GET", "HEAD", "OPTIONS"]
with the other settings defaulted. This is equivalent to:
enabled: true