Since 2015, GitHub Pages supports Cross-Origin Resource Sharing (CORS) and every GitHub Pages page has
Access-Control-Allow-Origin: * in their response headers by default.
Is there a way to specify which origins should be allowed rather than the wildcard ‘*’? Maybe via a variable in the CI/CD?
We are serving some files with GitHub Pages and trying to load them in another GitHub Pages page in a different repo but we’re having credentials set to include which doesn’t work with the wildcard
* for “