org.springframework.web.cors.CorsConfiguration.addAllowedOrigin(...) is used to configure cross-origin requests.
By default, a newly created CorsConfiguration is safe because it doesn't allow any cross-origin requests.
RSPEC-5122 should raise an issue when addAllowedOrigin(...) or applyPermitDefaultValues() is called.
When both are called in the same method, issue should be raised on addAllowedOrigin and secondary location on applyPermitDefaultValues.
Code sample extracted from https://gitlab.com/crafts-records/pangloss/pangloss-backend-java-springboot1: