ASP.NET CORE HOW TO ADD "ACCESS-CONTROL-EXPOSE-HEADERS" HEADERS?

  　 services.AddCors(options =>
       {
                    options.AddPolicy("AnotherPolicy", builder =>
                    {
                        builder.AllowAnyHeader()
                               .AllowAnyMethod()
                               .AllowAnyOrigin()
                               .AllowCredentials()
                               .WithExposedHeaders("user"); // params string[]
                    });
        });

        [EnableCors("AnotherPolicy")]
        public async Task<string> Test()