+### Options
+
+| Option | Description | Default value |
+|------------------------|------------------------------------------------------------|---------------|
+| allowedMethods | Matches the request method. | `array()` |
+| allowedOrigins | Matches the request origin. | `array()` |
+| allowedOriginsPatterns | Matches the request origin with `preg_match`. | `array()` |
+| allowedHeaders | Sets the Access-Control-Allow-Headers response header. | `array()` |
+| exposedHeaders | Sets the Access-Control-Expose-Headers response header. | `false` |
+| maxAge | Sets the Access-Control-Max-Age response header. | `false` |
+| supportsCredentials | Sets the Access-Control-Allow-Credentials header. | `false` |
+
+The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.
+
+You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin.
+
+If `array('*')` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.
+