another one

You'll also need to add Access-Control-Allow-Credentials header with value true and Access-Control-Allow-Origin header to YOUR_SUPPORTED_ORIGINS for all the routes in which you will be using SuperTokens.

What does this mean, and what are the 'routes which you will be using supertokens', is this all routes with supertokens middleware or just /login? and how do you add this? I want to be able to just do app.use(everything) as long as it is a safe thing