nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []

# Allow Hot Reloading CORS
when@dev:
    nelmio_cors:
        defaults:
            origin_regex: false
            allow_origin: [  'http://localhost:3000' ]
            allow_headers: ['Content-Type', "X-Requested-With"]
            allow_methods: [ 'POST', 'PUT', 'GET', 'DELETE' ]
            skip_same_as_origin: true