[help] Access-Control-Allow-Credentials: true, Access-Control-Allow-Origin cannot be *, but I did not find the corresponding implementation

[rentiansheng]

If ajax wants to carry cookies when sending cross-domain requests, the withcredentials attribute of the request object must be set to true.

At this time, the server response header Access-Control-Allow-Origin cannot be * (asterisk), it must be a whitelist style, that is, which URLs must be allowed to access, except for the response header Access-Control-Allow-Origin Setting, you must also set another response header: Access-Control-Allow-Credentials: true.

	if c.allowCredentials {
                 // TODO：Missing settings for Access-Control-Allow-Origin, when AllowedOrigins=*
		headers.Set("Access-Control-Allow-Credentials", "true")
	}

[rs]

See #57

[rentiansheng]

Can we abstract the Access-Control-Allow-Origin value as an adapter, the default is to use the current behavior, and also allow users to customize their own behavior, in the test environment, the source here is a bit complicated. @rs

[rs]

You can use AllowOriginFunc and always return true.

[rentiansheng]

You can use AllowOriginFunc and always return true.
If this is AllowedOrigins=[""], the returned Access-Control-Allow-Origin=, not the value of Access-Control-Allow-Origin is not the origin url address in the actual request