nthsky commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181601030
> > > > [https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172](https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua?rgh-link-date=2022-07-12T09%3A50%3A25Z#L167-L172) > > > > > > > > > when allow-credentials is true, it is not allowed to set other field to `*` > > > > > > ok, I get it. So far, APISIX returns the header `Foo:Bar`, but it is not available in the browser, I don't think this is due to APISIX but browser. > > Yes, but we need to know the exact meaning for `**` and why it's not effective. According to the plugin's code, `**` is special handling of the plugin. For example, `**` for `allow origin` put the origin host to the `access-control-allow-origin`. Other config is similar but just not handle the `expose_headers`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org