CORS wildcard subdomain setup is incorrect

### Description


The CORS documentation regarding wildcard subdomains using `SetIsOriginAllowedToAllowWildcardSubdomains` incorrectly states that the wildcard character * should be omitted from the domains passed to `WithOrigin` (e.g. `"https://example.com"`). Doing so causes no subdomains to be matched, and the CORS middleware does not include the required response header.

When including * in the values passed to `WithOrigin` (e.g. `"https://*.example.com"`), subdomains are matched and the CORS middleware correctly includes the required response header.

### Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0

### Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/cors.md

### Document ID

d3f332c4-4c60-039e-0e1e-bc6b11831f87

### Platform Id

fa70aa3f-a2de-be8b-4255-e778a6edb8ff

### Article author

@tdykstra

### Metadata

* ID: 59bca5db-1196-2a8b-a0d8-4e89b2382288
* PlatformId: fa70aa3f-a2de-be8b-4255-e778a6edb8ff 
* Service: **aspnet-core**
* Sub-service: **security**

[Related Issues](https://github.com/dotnet/AspNetCore.Docs/issues?q=is%3Aissue+is%3Aopen+d3f332c4-4c60-039e-0e1e-bc6b11831f87)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CORS wildcard subdomain setup is incorrect #36192

Description

Page URL

Content source URL

Document ID

Platform Id

Article author

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CORS wildcard subdomain setup is incorrect #36192

Description

Description

Page URL

Content source URL

Document ID

Platform Id

Article author

Metadata

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions