protected function createResponse(Request $request, Response $response)
{
$origin = $request->headers->get('Origin');
$response->headers->set('Access-Control-Allow-Origin', $origin);
$vary = $request->headers->has('Vary') ? $request->headers->get('Vary') . ', Origin' : 'Origin';
$response->headers->set('Vary', $vary);
if ($this->allowCredentials) {
$response->headers->set('Access-Control-Allow-Credentials', 'true');
}
if ($this->exposeHeaders) {
$response->headers->set('Access-Control-Expose-Headers', implode(', ', $this->exposeHeaders));
}
return $response;
}