Yet another developer blog: Reconfiguring CORS policy in ASP.NET Core at runtime

Let's assume that there is an application which contains two APIs. One is considered "private" so only other applications from the same suite can use it, while the second is "public" and client administrator should be able to configure it so it can be used with any 3rd party application.