AllowCredentials should be true in AllowAll()

Question

mcluseau opened this issue 5 years ago · 1 comments

Hi, thanks for this great module :-)

I think there a mismatch at least with the godoc about AllowCredentials, I think it should be true here: https://github.com/rs/cors/blob/master/cors.go#L196

Answer 1 · 2020-08-04T14:56:31.000Z

It is not allowed to have AllowedOrigins set to * with AllowCredentials set to true at the same time.