CORS: list of trusted domains with credentials enabled + all other domains enabled for CORS but without credentials

[voslartomas]

Is your feature request related to a problem? Please describe. We have list of "trusted" domains, for which we would like to enable Access-Control-Allow-Credentials as we have some old applications accessing gateway, which uses cookies for authentication. But at the same time this gateway is publicly accessible so for all the other domains we would like to keep it without Credentials.

Also at the moment we are able to define only list of origins for which CORS will work, but we need to enable CORS for every single domain, but enable credentials for only few of them (our trusted ones)

Describe the solution you'd like It would be handy to have configuration option with one list for secured/trusted domains and be able to enable Credentials and rest would be disabled.

Describe alternatives you've considered Alternative would be to probably write our own plugin for this.