AllowOriginFunc is set, but the content of AllowedOrigins is not ignored

The [last sentence  of the following description](https://github.com/rs/cors#parameters) in the README does not seem to be strict (when `AllowCredentials:true` is set).
> AllowOriginFunc func (origin string) bool: A custom function to validate the origin. It takes the origin as an argument and returns true if allowed, or false otherwise. __If this option is set, the content of AllowedOrigins is ignored.__

I wrote the following code:
```go
r := gin.Default()

r.Use(cors.New(cors.Options{
  AllowedOrigins: []string{"*"}, // I also wrote other origins
  AllowCredentials: true,
  AllowOriginFunc: func(origin string) bool { // I thought this function can cover AllowedOrigins
    return true
  },
}))
```

When I made a request to the server, my browser console reported a cross-domain error:

![image](https://user-images.githubusercontent.com/16490377/58967145-36047380-87e6-11e9-82d0-bb20bb124bb3.png)


If I comment out `AllowedOrigins: []string{"*"}`, there will be no problem.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

AllowOriginFunc is set, but the content of AllowedOrigins is not ignored #80

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

AllowOriginFunc is set, but the content of AllowedOrigins is not ignored #80

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions