docs: update example in cors plugin (apache#10308)

docs/en/latest/plugins/cors.md

@@ -40,7 +40,7 @@ The `cors` Plugins lets you enable [CORS](https://developer.mozilla.org/en-US/do
 | expose_headers            | string  | False    | "*"     | Headers in the response allowed when accessing a cross-origin resource. Use `,` to add multiple headers. If `allow_credential` is set to `false`, you can enable CORS for all response headers by using `*`. If `allow_credential` is set to `true`, you can forcefully allow CORS on all response headers by using `**` but it will pose some security issues.                                    |
 | max_age                   | integer | False    | 5       | Maximum time in seconds the result is cached. If the time is within this limit, the browser will check the cached result. Set to `-1` to disable caching. Note that the maximum value is browser dependent. See [Access-Control-Max-Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#Directives) for more details.                                            |
 | allow_credential          | boolean | False    | false   | When set to `true`, allows requests to include credentials like cookies. According to CORS specification, if you set this to `true`, you cannot use '*' to allow all for the other attributes.                                                                                                                                                                                                     |
-| allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling CORS. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `allow_origins` is.                                                                                                                                                                   |
+| allow_origins_by_regex    | array   | False    | nil     | Regex to match origins that allow CORS. For example, `[".*\.test.com$"]` can match all subdomains of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `allow_origins` is.                                                                                                                                                                   |
 | allow_origins_by_metadata | array   | False    | nil     | Origins to enable CORS referenced from `allow_origins` set in the Plugin metadata. For example, if `"allow_origins": {"EXAMPLE": "https://example.com"}` is set in the Plugin metadata, then `["EXAMPLE"]` can be used to allow CORS on the origin `https://example.com`.                                                                                                                          |
 
 :::info IMPORTANT

docs/zh/latest/plugins/cors.md

@@ -40,7 +40,7 @@ description: 本文介绍了 Apache APISIX cors 插件的基本信息及使用
 | expose_headers   | string  | 否   | "*"    | 允许跨域访问时响应方携带哪些非 `CORS 规范` 以外的 Header。如果你有多个 Header，请使用 `,` 分割。当 `allow_credential` 为 `false` 时，可以使用 `*` 来表示允许任意 Header。你也可以在启用了 `allow_credential` 后使用 `**` 强制允许任意 Header，但请注意这样存在安全隐患。 |
 | max_age          | integer | 否   | 5      | 浏览器缓存 CORS 结果的最大时间，单位为秒。在这个时间范围内，浏览器会复用上一次的检查结果，`-1` 表示不缓存。请注意各个浏览器允许的最大时间不同，详情请参考 [Access-Control-Max-Age - MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#directives)。 |
 | allow_credential | boolean | 否   | false  | 是否允许跨域访问的请求方携带凭据（如 Cookie 等）。根据 CORS 规范，如果设置该选项为 `true`，那么将不能在其他属性中使用 `*`。 |
-| allow_origins_by_regex | array | 否   | nil  | 使用正则表达式数组来匹配允许跨域访问的 Origin，如 `[".*\.test.com"]` 可以匹配任何 `test.com` 的子域名 `*`。如果 `allow_origins_by_regex` 属性已经指定，则会忽略 `allow_origins` 属性。 |
+| allow_origins_by_regex | array | 否   | nil  | 使用正则表达式数组来匹配允许跨域访问的 Origin，如 `[".*\.test.com$"]` 可以匹配任何 `test.com` 的子域名。如果 `allow_origins_by_regex` 属性已经指定，则会忽略 `allow_origins` 属性。 |
 | allow_origins_by_metadata | array | 否    | nil   | 通过引用插件元数据的 `allow_origins` 配置允许跨域访问的 Origin。比如当插件元数据为 `"allow_origins": {"EXAMPLE": "https://example.com"}` 时，配置 `["EXAMPLE"]` 将允许 Origin `https://example.com` 的访问。  |
 
 :::info IMPORTANT

t/plugin/cors.t

@@ -723,7 +723,7 @@ qr/failed to check the configuration of plugin cors err: you can not/
                             "expose_headers": "ex-headr1,ex-headr2",
                             "max_age": 50,
                             "allow_credential": true,
-                            "allow_origins_by_regex":[".*\\.test.com"]
+                            "allow_origins_by_regex":[".*\\.test.com$"]
                         }
                     },
                     "upstream": {
@@ -802,7 +802,7 @@ Access-Control-Allow-Credentials:
                             "expose_headers": "ex-headr1,ex-headr2",
                             "max_age": 50,
                             "allow_credential": true,
-                            "allow_origins_by_regex":[".*\\.test.com",".*\\.example.org"]
+                            "allow_origins_by_regex":[".*\\.test.com$",".*\\.example.org$"]
                         }
                     },
                     "upstream": {

t/plugin/cors2.t

@@ -107,7 +107,7 @@ done
                             "allow_headers": "request-h",
                             "expose_headers": "expose-h",
                             "max_age": 10,
-                            "allow_origins_by_regex":[".*\\.domain.com"]
+                            "allow_origins_by_regex":[".*\\.domain.com$"]
                         }
                     },
                     "upstream": {