* cors+preflight

* timeout change

src/App/Response/JsonCorsResponse.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Response;
+
+use Zend\Diactoros\Response\JsonResponse;
+
+class JsonCorsResponse extends JsonResponse
+{
+    const ALLOW_HEADERS = [
+        'DNT',
+        'X-CustomHeader',
+        'Keep-Alive',
+        'User-Agent',
+        'X-Requested-With',
+        'If-Modified-Since',
+        'Cache-Control',
+        'Content-Type',
+        'Authorization',
+    ];
+
+    public function __construct(
+        $data,
+        $status = 200,
+        array $headers = [],
+        $encodingOptions = self::DEFAULT_JSON_FLAGS
+    ) {
+        $headers['Access-Control-Allow-Origin'] = '*';
+        $headers['Access-Control-Allow-Methods'] = 'OPTIONS,GET,POST,PUT,PATCH,DELETE';
+        $headers['Access-Control-Allow-Headers'] = implode(",", self::ALLOW_HEADERS);
+        parent::__construct($data, $status, $headers, $encodingOptions);
+    }
+}