-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS: Enable multiple Origins value based on regexp. #1251
Conversation
@@ -46,7 +46,7 @@ | |||
} | |||
}, | |||
"allow_origin": { | |||
"description": "Origin allowed for CORS requests. The field expects only one origin (e.g. https://example.com) or '*'. If left blank, the value of the 'Origin' request header will be used. In case of valid regexp, and if it matches with Origin header value, the value will be set to the Origin Value. In case of does not match, the header will not set at all.", | |||
"description": "Origin allowed for CORS requests. The field expects only one origin (e.g. <code>https://example.com</code>) or '*'. If left blank, the value of the 'Origin' request header will be used. <br> In order to allow more than one origin it is possible to use a regular expression, if it matches with Origin header value, the value will be set to the Origin Value. In case it does not match, the header will not set at all. Example: <code>(api|web).test.com</code> wil match both <code>api.test.com</code> and <code>web.test.com</code>", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems like GH picked the first suggestion instead of the second (corrected without html markup) :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed now! Thanks!
02d21ff
to
ba678fa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This will check if the allow_origins is a valid regexp, and if it is, will match with the Origin header value, it'll set the Access-Control-Allow-Origin header to the Origin value. Examples: ``` Config | Origin Request Header Value | Access-Control-Allow-Origin header (api|web).test.com | http://web.test.com | http://web.test.com (api|web).test.com | http://api.test.com | http://api.test.com (api|web).test.com | http://staging.test.com | Not header set http://test.com | http://api.test.com | http://test.com * | http://api.test.com | * blank | http://api.test.com | http://api.test.com ``` Fix: THREESCALE-6569 Signed-off-by: Eloy Coto <eloy.coto@acalustra.com>
ba678fa
to
e2b0942
Compare
This will check if the allow_origins is a valid regexp, and if it is,
will match with the Origin header value, it'll set the
Access-Control-Allow-Origin header to the Origin value.
Examples:
Fix: THREESCALE-6569
Signed-off-by: Eloy Coto eloy.coto@acalustra.com