Closed sfilipov closed 4 years ago
Sorry for bothering you - I figured out that by the time origins
is passed to get_cors_origins
, you've made sure it is iterable by passing through ensure_iterable.
Which means r'.*' in origins
is looking for the string inside a list of strings, rather than looking for a substring.
Closing as this is not a bug!
@sfilipov thanks for taking the time to open (and close!) the issue. Glad everything is working as expected.
Inside get_cors_origins the variable
wildcard
is defined asr'.*' in origins
. This is too generic because it matches for example in patterns liker'^https://app\.(.*?\.)example\.com$
r'.*'
is present in that pattern.This can cause issues later on with
if wildcard and options.get('send_wildcard'):
which considerswildcard
True, thusorigins
must be.*
- but it is not. It is a more complicated pattern that happens to contain.*
inside of it.I think the correct way to do it would be
wildcard = r'.*' == origins
rather thanwildcard = r'.*' in origins
but I am not completely familiar with the code and I might be wrong.I hope I'm not wasting your time by not completely understanding the code.