cors_plug icon indicating copy to clipboard operation
cors_plug copied to clipboard
verified publisher icon mschae

Support wildcard subdomains

Open thiamsantos opened this issue 7 years ago • 2 comments

It is possible to pass a list with wildcard domain as valid origins?

config :cors_plug,
  origin: ["https://*.example.com", "http://*.example.com"]

thiamsantos avatar Aug 22 '18 22:08 thiamsantos

Not exactly, wildcard domains are not part of the CORS spec.

I’d recommend a regex tho:

config :cors_plug, origin: ~r{^https?://\w+\.example\.com$}

mschae avatar Aug 23 '18 06:08 mschae

@mschae we have been using regex so far. However we are in the process of migration to distillery, and we will use a toml file as config in the production environment. Toml files do not support regex, only primitives types. So would be a cool feature on cors_plug to support wildcard domains, even if it is not a part of the CORS spec. I would be happy to send PR implementing this feature.

Right now, we will use a custom config that will convert the wildcards to regex and pass the origins directly to the plug itself. I think it will solve the problem for us.

thiamsantos avatar Aug 23 '18 13:08 thiamsantos