Show how to enable all origins in HTTP CORS section

docs/src/main/asciidoc/http-reference.adoc

@@ -328,6 +328,20 @@ quarkus.http.cors.access-control-max-age=24H
 quarkus.http.cors.access-control-allow-credentials=true
 ----
 
+`/https://([a-z0-9\\-_]+)\\.app\\.mydomain\\.com/` is treated as a regular expression because it is surrounded by forward slash characters.
+
+=== Support all origins in devmode
+
+Having to configure required origins when you only start developing a Quarkus application requiring CORS support can be difficult and in such cases you may want to enable all origins in devmode only in order to focus on the actual application development first:
+
+[source, properties]
+----
+quarkus.http.cors=true
+%dev.quarkus.http.cors.origins=/.*/
+----
+
+It is important that you enable all origins only in dev profile, supporting all origins in production is not recommended if you would like CORS filter be effective in blocking unauthorized origins.
+
 == HTTP Limits Configuration
 
 include::{generated-dir}/config/quarkus-vertx-http-config-group-server-limits-config.adoc[leveloffset=+1, opts=optional]