CorsDecision
The outcome of a {@see \Milpa\Live\Contracts\Security\CorsPolicyInterface::check()} decision. `$headers` are the CORS response headers to attach when `$allowed` is `true`; they carry no meaning when `$allowed` is `false`, and `$reason` carries no meaning when `$allowed` is `true`.
CorsDecision::__construct()
public function __construct(bool $allowed, array $headers = [], ?string $reason = null):Parameters
| Name | Type | Description |
|---|---|---|
| $allowed | bool | Whether the caller MUST proceed with the request. |
| $headers | array<string, string> | Response headers to send (e.g. `Access-Control-Allow-Origin`) when `$allowed` is `true`. |
| $reason | (string | null) | A short machine-readable denial reason (e.g. `'origin_not_allowed'`) when `$allowed` is `false`. |