Description
In CORS configuration we don't have access for request and response, e.g. by servlet filter
We have allowedOriginsPattern to override * wildcard when we are using allowCredentials=true
In this situation we overwrite allowed-origin header by request origin, but heders and methods are still not overwrite wildcard which is not allowed by documentation when we allow credentials.
When some configuration for requestHeaders, exposedHeaders, allowedMethods is null then all is clear,
but when we have allowed credentials and some list is defined with one value with asterisk then it should be overwritten according to CORS documentation.
It is problematically for preflighted requests when we don't know all request headers or exposed headers,
but in single request it should be overwritten according to headers from request and response when we allow credentials,
or we should have possibility to calculate cors headers dynamically based on request and response to fix it manually.