diff --git a/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java b/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
index 445fe9adc05b63..7d9c7d7b2f10b5 100644
--- a/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
+++ b/extensions/reactive-routes/deployment/src/test/java/io/quarkus/vertx/web/cors/CORSFullConfigHandlerTestCase.java
@@ -32,6 +32,16 @@ public void corsFullConfigTestServlet() {
 .header("Access-Control-Allow-Headers", "X-Custom")
 .header("Access-Control-Max-Age", "86400");
 
+ given().header("Origin", "http://custom.origin.quarkus")
+ .when()
+ .get("/test").then()
+ .statusCode(200)
+ .header("Access-Control-Allow-Origin", "http://custom.origin.quarkus")
+ .header("Access-Control-Allow-Methods", "GET,PUT,POST")
+ .header("Access-Control-Expose-Headers", "Content-Disposition")
+ .header("Access-Control-Allow-Headers", "X-Custom");
+
+
 given().header("Origin", "http://www.quarkus.io")
 .header("Access-Control-Request-Method", "PUT")
 .when()
@@ -40,6 +50,7 @@ public void corsFullConfigTestServlet() {
 .header("Access-Control-Allow-Origin", "http://www.quarkus.io")
 .header("Access-Control-Allow-Methods", "GET,PUT,POST")
 .header("Access-Control-Expose-Headers", "Content-Disposition");
+
 }
 
 @Test
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
index 4cd477c951b8d5..4304433190d3c9 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/cors/CORSFilter.java
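Review bot: The GET case added to `corsFullConfigTestServlet` in CORSFullConfigHandlerTestCase only sends an origin that the configuration accepts (`http://custom.origin.quarkus`), so it pins that the CORS headers are emitted but not that they are withheld from an origin outside the allowed list. Because the accompanying filter change writes `Access-Control-Expose-Headers` on non-preflight responses whenever `exposedHeaders` is set, a companion request with an unlisted origin asserting `.header("Access-Control-Allow-Origin", nullValue())` would cover the security-relevant side. Other test methods outside this hunk may already do that. The two consecutive blank lines added after the new block could be reduced to one.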
@@ -176,6 +176,12 @@ public void handle(RoutingContext event) {
 if (allowedMethods != null) {
 response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMethods);
 }
+
+ //always set expose headers if present
+ if (exposedHeaders != null) {
+ response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
+ }
+
 //we check that the actual request matches the allowed methods and headers
 if (!isMethodAllowed(request.method())) {
 LOG.debug("Method is not allowed");
@@ -216,10 +222,6 @@ private void handlePreflightRequest(RoutingContext event, String requestedHeader
 response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
 }
 
- if (!isConfiguredWithWildcard(corsConfig.exposedHeaders)) {
- response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
- }
-
 }
 
 static boolean isSameOrigin(HttpServerRequest request, String origin) {
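Review bot: The new block in `handle()` writes `Access-Control-Expose-Headers` with `response.headers().add(...)`, and the context lines of the second hunk show `handlePreflightRequest` still doing the same `add` with the same value. If `handle()` goes on to call `handlePreflightRequest` (the call is outside both hunks), a preflight response would carry the header twice, now that the removed `set(...)` no longer overwrites it. Using `response.headers().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);` here, or dropping the remaining `add` in `handlePreflightRequest`, keeps it to a single value. The header is also written before the `isMethodAllowed` check, so it is sent on requests the filter then rejects; it is worth confirming that this is intended and that the origin has already been validated above this hunk. `handle()` starts and continues outside the hunk.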