search

corydolphin / flask-cors

Cross Origin Resource Sharing ( CORS ) support for Flask
https://flask-cors.corydolphin.com/
MIT License
877 stars 137 forks source link

Improve regex detection #222

Closed corydolphin closed 6 years ago

kamyar commented 6 years ago

Hey, I would love to get involved with this, is there any way I can help? :)

we had to remove flask_cors as it is not possible to use wildcard (i.e. '*') with withCredentials, so would love to get help in releasing this. :)

corydolphin commented 6 years ago

Hey @kamyarg this issue should be fixed. It was a vague, but represented the fact that Flask-Cors currently uses a heuristic to determine if the string should be treated as a regex or as a string literal for matching. Frankly that was probably a bad design from the get-go, but cannot easily be changed without breaking API compatibility.

For your issue, what is your goal? Sending an '*' as the origin is not allowed in combination with credwentials, as mentioned (See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS "Credentialed requests and wildcards").

Instead if you use specify supports_credentials=true, with the defaults CORS(origins='*', supports_credentials=true, send_wildcard=false) it should work. Let me know if you have any issues.

Cheers, Cory