I am using NodeJS as my backend. My problem is if I use withCredentials inside Http request. I have to set my res.header("Access-Control-Allow-Origin", "*"); to be a specific url, it cant be *. What should I set here? Because I need withCredentials to store session, otherwise session will lost.