if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false;
if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false;
if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false;
if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false;