Sending cookies cross domain requires withCredential setting to true which means access-control-allow-origin cannot be wild card.
But there is an easy way around this.
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
This will effectively allow all origin, but is this the recommended way of doing this?
It seems like there is a reason for not allowing all origins
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true'
What is the general recommended way of allowing all origin when withCredential is true?