allowOrigin
All incoming requests must have an "Origin" header matching one of the hosts defined using this method.
Parameters
origin
expected "Origin" header, revealing the URL of the site leading up to the path (e.g. https://google.com)