Skip cors headers if domain not matching

[vojkny]

I am adding cors as follows:

private val corsPolicy = CorsPolicy(
    originPolicy = OriginPolicy.AnyOf(systemEnv("ORIGIN_POLICY").split(",")),
    headers = listOf("*"),
    methods = Method.entries,
)

val corsFilter = Cors(corsPolicy)

This works for matching domains:

< Access-Control-Allow-Origin: my-domain.com
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, TRACE, PATCH, PURGE, HEAD

But for not matching domains, it ends up like this:

< Access-Control-Allow-Origin: null
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, TRACE, PATCH, PURGE, HEAD

Wouldn't it be better to completely skip adding these headers?