http:
  middlewares:
    cors:
      headers:
        accessControlAllowMethods: ["GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"]
        accessControlAllowOriginList: "*"
        accessControlMaxAge: 100
        accessControlAllowCredentials: true
        accessControlAllowHeaders: "*"
        accessControlExposeHeaders: ["Authorization"]
        forceSTSHeader: true
        frameDeny: true
        sslRedirect: true
        sslForceHost: true
        stsPreload: true
        stsseconds: "31536000"
        customFrameOptionsValue: "SAMEORIGIN"