CORS applied with WebApp.connectHandlers not working as expected

I need to apply CORS policy permits only on a specific domain.
What is the correct way to add CORS in Meteor?
Version: Meteor 2.5.3

Hi @aneesh007 we are good, thank you. How are you? My day is really good I hope yours is also fine.

How did you apply CORS and how did you expect it to work and how did it actually work if not as expected.

Thank you for your response.
We have done a penetration test and it shows a serious vulnerability in CORS
(Cross-Origin Resource Sharing (CORS) policy permits any origin (Cookies Permitted))
So we need to make it more secure by allowing CORS only to pre-defined domains.
can you please suggest a good mechanism to implement CORS in the meteor project?

Tried sample:
WebApp.rawConnectHandlers.use((req, res, next) => {
const allowedOrigins = [’,’,
const origin = req.headers.origin;

if (allowedOrigins.includes(origin)) {
  res.setHeader('Access-Control-Allow-Origin', origin);