azura27 commented on issue #4496: URL: https://github.com/apache/apisix/issues/4496#issuecomment-870175347
> You can learn more detail about `Access-Control-Allow-Origin` in [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#directives) and [CORSNotSupportingCredentials](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials) NOT find the evidence either. In our product environment, this is not suitable, and in similar gateway server KONG, the headers config onliy limit origin. We've remove other headers' limitation in our own ENV. If this is the design, then take this issue as an suggestion -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
