HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", "*");
httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpResponse.setHeader("Access-Control-Allow-Headers", "api");
if ("OPTIONS".equals(httpRequest.getMethod())) {
httpResponse.setStatus(204);
//httpResponse.setHeader("Cache-Control", "no-cache");
}