app.use(cors({ origin: (origin) => origin?.startsWith("http://localhost") ? origin : false, credentials: true }));
app.use(cors({ origin: ["https://app.example.com", /\.my-app\.com$/] }));
The middleware inspects the incoming Origin/Access-Control headers,
determines whether the request should be allowed, and records all response
headers so the router can apply them even if a handler returns a raw Response.
Bun-native CORS middleware compatible with bunWay's router finalizer.