CORS set multiple domains

[NKid]

Describe the bug
prest.toml

[cors]
alloworigin = ["https://www.domain1.com", "https://www.domain2.com"]

Frontend using js fetch call pREST in domain1's webpage, it failed.
Firefox show these messages.

• Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://www.domain1.com,https://www.domain2.com’
• Reason: CORS request did not succeed

But when I using this setting, it works.

[cors]
alloworigin = ["https://www.domain1.com"]

To Reproduce
js fetch

let headers = new Headers();
headers.set('Authorization', 'Bearer {token}');
headers.set('Accept','application/json');

fetch('https://www.myserver.com/prest/public/prest_users', {
    method: 'GET',
    mode: 'cors',
    headers: headers
}).then((response) => {
    return response.json();
}).then((jsonData) => {
    console.log(jsonData);
});

Expected behavior
Return table data (JSON)

Desktop (please complete the following information):

• pREST version (or commit ref): v1.0.10
• pREST endpoint: /prest/public/prest_users
• PostgreSQL version: docker image postgres:13-alpine
• OS: [e.g. Debian Tid]: apline
• Go version:
• Log gist:

Additional context
I think the header Access-Control-Allow-Origin sholud only return current request domain.
Here is pseudocode to present my thoughts.

var allowOrigins = ["https://www.domain1.com","https://www.domain2.com"];
var origin = Request.Headers["Origin"];
if (allowOrigins.includes(orgin)) {
  Response.AddHeader("Access-Control-Allow-Origin", origin);
}