For my web app, I sometimes get errors like Request header field Pragma is not allowed by Access-Control-Allow-Headers in preflight response, which I can solve by configuring Access-Control-Allow-Headers: * on the server side.
Are there any security implications for doing this?
