linus-amg
commented
9 years ago or maybe even domain.tld:80,3000 or domain.tld:80-3000
Closed linus-amg closed 9 years ago
linus-amg
commented
9 years ago or maybe even domain.tld:80,3000 or domain.tld:80-3000
agrueneberg
commented
9 years ago Thanks for the feedback! Unfortunately, the Access-Control-Allow-Origin header doesn't support port wildcards for particular domains (see #2 for a similar issue regarding Access-Control-Allow-Headers and Access-Control-Expose-Headers). I'm not a big fan of adding a special wildcard syntax in Corser because it would mean that I would have to inflate domain.tld: for all 2^16 ports--something that I'm sure no one would want in their HTTP headers. Is either hardcoding the port numbers, or reading them from a config file an option?
domain = "domain.tld";
ports = [80, 3000];
listener = corser.create({
origins: ports.map(function (p) {
return domain + ":" + p;
})
});instead of the raw req.origin you could parse the hostname out of it, so http://app.test.com:3000 gets app.test.com and then you check the origins array ['app.test.com'] for an indexOf > -1. as an example, what do you think of that idea? like that, the port does not matter anymore, rfc specificly i guess that there should still be a way to not allow a certain port but another one instead, so for that.. it wouldnt work :( maybe everything should stay exactly the same it is.. your way of using a function for that should be good enough for solving my problem.
i have domain.tld or domain.tld:3000 acessing the ressource and i want both to be allowed, but in the origins i would like to specify domain.tld:* or something like that..