This page describes a number of configuration options to adjust the security of your CXO-Cockpit application. Basic knowledge of .NET configuration files is required to apply these options.
...
To allow multiple sub origins you can use "*" sign in the name e.g. (e.g. "https://*.example.com", "https://localhost*"))
It is possible to allow any origin by specifying "*" string it he "Allowed origins" field. This setting is strongly discouraged since it is insecure configuration.
- "Cross-Origin Resource Sharing (CORS): Allow Credentials" setting should be always false by default.
...