A:
- Globally: enabling CORS for all routes and origins (e.g. app.use(cors()))
- Whitelisting specific origins: passing an array of allowed origins and rejecting others via a callback or middleware.
- Restricting HTTP methods (GET, POST, etc.).
- Using CORS as route-specific middleware.
