Writes dynamic `Access-Control-Allow-Origin` header

SpecificOriginAttribute.cs

    /// <summary>
    /// When using 'withCredentials' in CORS, wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' 
    /// header. The attribute generates a specific value for this header
    /// </summary>
    /// <seealso cref="System.Attribute" />
    /// <seealso cref="Microsoft.AspNetCore.Cors.Infrastructure.ICorsPolicyProvider" />
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false)]
    public class SpecificOriginAttribute : Attribute, ICorsPolicyProvider
    {
        private string _originConfig;

        public Task<CorsPolicy> GetPolicyAsync(HttpContext context, string policyName)
        {
            if (_originConfig == null)
            {
                var config = context.RequestServices.GetService<IConfigurationRoot>();
                _originConfig = config.GetValue<string>("Cors:origins");
            }

            string origin = _originConfig == "*"
                ? $"{context.Request.Scheme}://{context.Request.Host}"
                : _originConfig;

            return Task.FromResult(new CorsPolicyBuilder(origin)
                .AllowAnyHeader()
                .AllowAnyMethod()
                .AllowCredentials()
                .Build());
        }
    }