CORS policy.AllowAnyHeader() does not appear to work

[catmanjan]

I have the following Program.cs as part of a dotnet 8 web API project:

var builder = WebApplication.CreateBuilder(args);
builder.Logging.ClearProviders();
builder.Logging.AddConsole();

builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddCors(options =>
{
    options.AddDefaultPolicy(
        policy =>
        {
            policy.AllowAnyHeader();
            policy.AllowAnyMethod();
            policy.AllowAnyOrigin();
        });
});

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
app.UseCors();
app.UseAuthorization();
app.MapControllers();

app.Run();

Notice policy.AllowAnyHeader();. If I browse to my API in the latest Google Chrome I get the following headers, but no Access-Control-Allow-Headers.

I would expect to be receiving an Access-Control-Allow-Headers value of *

[martincostello]

This issue should be filed in the dotnet/aspnetcore repository as that's where the CORS functionality lives.