Description
Browsers sometimes reject wildcard origins (*) in Access-Control-Allow-Origin headers, so a common practice is for the server to simply mirror the domain back, instead of sending *. Can http-server support this?
Steps to reproduce the issue, if applicable. Include the actual command and output and/or stack trace.
npx http-server --cors
What did you expect to happen?
Expected http-server to send the header based on the request's Origin header:
Access-Control-Allow-Origin: localhost:8088
What actually happened?
http-server sent this header:
Access-Control-Allow-Origin: *
and the browser rejected it:
Access to XMLHttpRequest at 'http://127.0.0.1:8082/sample.json' from origin 'http://localhost:8088' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
If the issue is a feature request, what is the motivation / use case for it?
Tell us about your environment
- exact http-server version: latest
- Node version: n/a
- Platform: n/a
Other information (related issues, suggestions for a fix, etc):
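
The browser error quoted above occurs because a credentialed request cannot be answered with the wildcard. The following is an added example, not part of the original issue and not http-server's own code: it reflects the request's Origin only when it exactly matches an allowlist, because mirroring every origin together with Access-Control-Allow-Credentials would let any site read responses using the user's cookies. The names ALLOWED_ORIGINS, corsHeadersFor and applyCors are hypothetical, and the allowlisted origin is the one shown in the error message.

```javascript
// Hypothetical allowlist; the single entry is the origin from the error message in the report.
const ALLOWED_ORIGINS = new Set(['http://localhost:8088']);

// Returns the CORS response headers for one request's Origin header value.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary on Origin so a shared cache never replays one origin's response to another.
  const headers = { Vary: 'Origin' };
  if (typeof requestOrigin !== 'string') return headers; // no Origin header sent

  let parsed;
  try {
    parsed = new URL(requestOrigin);
  } catch {
    return headers; // "null" or a malformed value: send no CORS grant
  }
  // Require the canonical serialized form (scheme://host[:port]) and an exact match.
  // No substring, prefix or regex matching, which is where reflection logic usually fails.
  if (parsed.origin !== requestOrigin || !allowed.has(requestOrigin)) return headers;

  headers['Access-Control-Allow-Origin'] = requestOrigin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Applies the headers to a Node-style response; returns true if a preflight was answered.
function applyCors(req, res) {
  const headers = corsHeadersFor(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);

  const granted = 'Access-Control-Allow-Origin' in headers;
  if (req.method === 'OPTIONS' && granted) {
    // Static file serving only needs read methods.
    res.setHeader('Access-Control-Allow-Methods', 'GET, HEAD, OPTIONS');
    res.statusCode = 204;
    res.end();
    return true;
  }
  return false;
}
```

An origin that is not on the allowlist receives only the Vary header, so the browser blocks the cross-origin read exactly as it would with no CORS support at all.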