nthsky commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181229640
> I can't find the explanation about `**` easily. Do you have any materials? https://apisix.apache.org/docs/apisix/plugins/cors exposed_headers > Headers in the response allowed when accessing a cross-origin resource. Use , to add multiple headers. If allow_credential is set to false, you can enable CORS for all response headers by using *. If allow_credential is set to true, you can forcefully allow CORS on all response headers by using ** but it will pose some security issues. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org