search

ExpressGateway / express-gateway

A microservices API Gateway built on top of Express.js
https://www.express-gateway.io
Apache License 2.0
2.97k stars 344 forks source link

CORS origin option doesn't check for RegExp in array #924

Closed Matthbo closed 5 years ago

Matthbo commented 5 years ago

I have made an example gateway.config.yml:

  port: 8080
apiEndpoints:
  api:
    host: localhost
    paths: '*'
serviceEndpoints:
  example:
    url: 'https://example.com'
policies:
  - cors
  - proxy
pipelines:
  default:
    apiEndpoints:
      - api
    policies:
      - {cors: [{action: {origin: ['https://example.com',  /https:\/\/w*\.example.com$]}}]}
      - {proxy: [{action: {serviceEndpoint: example}}]}

When I try to fetch from https://www.example.com it should return without having a CORS problem, however it seems like theAccess-Control-Allow-Origin isn't sent.

It does work if I change origin: ['https://example.com', /https:\/\/w*\.example.com$] to origin: ['https://example.com', 'https://www.example.com'].

The fault isn't the RegExp, I checked it here and it seems to work just fine. This would mean that while stated in the docs origin doesn't check for RegExp.

XVincentX commented 5 years ago

You need to properly instruct the yaml parser you are providing a regepx and not a simple string

- - {cors: [{action: {origin: ['https://example.com',  /https:\/\/w*\.example.com$]}}]}
+ - {cors: [{action: {origin: ['https://example.com', !!js/regexp /https:\/\/w*\.example.com$]}}]}