Hi Martin,
you can add the following section to your <service-manager>\config\gateway-prod.yml file to control if CORS is enabled or not and what domains, headers and methods are allowed. The shown values for headers and methods are the default values (you don't have to list them) and can be extended as you desire.
cors.enabled: true
cors.domains: qa-rad.yuuvis.com
cors.headers:
- X-Requested-With
- Content-Type
- Accept
- Origin
- Authorization
cors.methods:
- HEAD
- GET
- POST
- PUT
- DELETE
- PATCH
Best regards
Nicolai