Specify entire subdomain about rack-cors HOT 9 CLOSED

Sorry - I don't know why I ever said you can do that. Wildcard doesn't work, use a regular expression instead:

config.middleware.use Rack::Cors do
  allow do
    origins /http:\/\/(.*?)\.example\.com/
    resource '*', :headers => :any, :methods => [:get, :post, :options]
  end
end

from rack-cors.

This is my regex example:

/\Ahttps?:\/\/([a-zA-Z\d-]+\.){0,}example\.com\/?\z/

My example can match https and end up with top level domain. For example https://example.com.hello.world is not a valid domain.

from rack-cors.

Does origing have to match http:// or https://? Matching subdomain.example.com has worked for me, but the doc is unclear.

/^(.*\.|)example\.com$/ might work (regexr)

from rack-cors.

Try this:

config.middleware.use Rack::Cors do
  allow do
    origins '*.example.com'
    resource '*', :headers => :any, :methods => [:get, :post, :options]
  end
end

UPDATE: This example doesn't work. Instead use the regular expression example below.

from rack-cors.

I've created a wiki for that as it might be useful for the others, later maybe it can be moved to README. Thanks @raywu for the regex and the link it was useful, I copied actually that one to the wiki

from rack-cors.

Sorry - I don't know why I ever said you can do that. Wildcard doesn't work, use a regular expression instead:

config.middleware.use Rack::Cors do
  allow do
    origins /http:\/\/(.*?)\.example\.com/
    resource '*', :headers => :any, :methods => [:get, :post, :options]
  end
end

This will match anything.example.com.co.in as well which might not be desired expectation.

from rack-cors.

origins '*.example.com' doesn't work. Wildcard is not being read as intended.

from rack-cors.

@ramanbuttar is absolutely right. origins '*.example.com' will not allow test.example.com

from rack-cors.

did this ever get resolved? Is there a way around it?

from rack-cors.