Not possible to configure CORS origin using a regexp

[dcolens]

https://github.com/expressjs/cors#configuration-options shows that you can set origin to a regexp to only allow CORS request from a given domain:

RegExp - set origin to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern /example.com$/ will reflect any request that is coming from an origin ending with "example.com".

Is there a way to pass such a regexp in the config ? If not, how may I create my own cors middleware and use it in the swagger-node-runner setup ?

[tanzim]

You can configure CORS. Change your config/default|development|environment.yaml file to include the configuration for cors like this:

cors:
      name: cors
      origin: [ !!js/regexp /localhost\:.*/, !!js/regexp /127\.0\.0\.1\:.*/ ]

[dcolens]

Thanks this is great, I could not find it in the doc, is it somewhere ?

[tanzim]

The swagger config is actually a bagpipe and a set of fittings[1]. There's no explicit documentation for the cors fitting, we had to poke around at the source [2] and figure out how to pass input to the cors module ourselves following the bagpipes documentation on fittings. To be honest, the input hash is the same as the actual cors module, so no surprises eventually.

I think the hardest part was figuring out how to pass the regex in YAML haha.

[1] https://github.com/apigee-127/bagpipes/blob/master/README.md [2] https://github.com/theganyo/swagger-node-runner/blob/master/fittings/cors.js

[theganyo]

Glad you got this sorted out. Sorry about the doc issue.

BTW: In case you're interested, the latest version now has a swagger_cors fitting. It's basically just a wrapper for the cors module, but it avoids the naming conflict in node_modules. See: https://github.com/theganyo/swagger-node-runner/releases/tag/v0.7.1