cors: {
    allRoutes: true,
    allowOrigins: '*',
    allowCredentials: false,
  },