resolvi assim

let cors = warp::cors()
    .allow_any_origin()
    .allow_methods(vec!["GET", "POST", "DELETE", "PUT"])
    .allow_headers(vec!["User-Agent", "Sec-Fetch-Mode", "Referer", "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"])
    .max_age(3600);