Closed igorvishnevskiy closed 6 years ago
You have to specify schema and port if it is not explicit port for that schema. So this do not work with CORS:
"origins": ["localhost", "mywebsite.example.com"]
And this do work correctly:
"origins": ["http://localhost:8000", "http://mywebsite.example.com"]
Can someone please provide an example of using regular expressions to specify access to specific domains.
I have tried the following without success:
cors = CORS(app, origins=['http://localhost:5000',r'^https://.+example.com$'])
I expect the following URL be allowed access for CORS: https://jan.flan.example.com I also tried variations thereof without success. Thank you
@MeesterMan your configuration is correct. The regex detection worked incorrectly for your pattern, and I will update it shortly.
Fixed and released as 3.0.5
@ghost you might want to escape the dot in example.com
@corydolphin how do you detect if each item in the origins list[str]
is an exact match or a regex pattern?
Maybe as a follow up, can we pass in patterns that have already been compiled with re.compile(...)
?
@corydolphin how do you detect if each item in the origins
list[str]
is an exact match or a regex pattern? Maybe as a follow up, can we pass in patterns that have already been compiled withre.compile(...)
?
https://github.com/corydolphin/flask-cors/blob/master/flask_cors/core.py#L254
This API is problematic in retrosepct, but this is how/where it is inferred.
I need to limit access to calls coming from 2 domain names as well as localhost.
I tried following:
And I tried the following:
Receiving exception in both cases:
API works when I allow all CORS:
But I need to limit access to calls coming from 2 domain names as well as localhost.
Thank you for your help.