By default the server only accepts requests from the same origin.
You can configure this by providing a
corsOption object into the server constructor.
corsOption shares the same properties as the cors npm module.
Since the server relies on authentication cookies to be present, setting
* for origin will not work as
* is not a permitted value when credentials are set. Instead, set it to