search

cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License
3.27k stars 263 forks source link

Regex origin woes #265

Closed johnknapp closed 1 year ago

johnknapp commented 1 year ago

First off, rack-cors rocks! I've used it on numerous projects but not with regex origins.

I'm on rack-cors 1.1 / rails 7.0.1 / ruby 2.7.7

  1. I have a regex that matches our dynamically generated URL patterns.
  2. The preflight begins.
  3. But never returns the preflight headers.
  4. So the browser blocks since no origin allowed header is returned.

Is there something wrong with my rack-cors regex origin syntax? (attached screen grab)

valid_regex_valid_syntax_redacted
cyu commented 1 year ago

@johnknapp try /\Ahttps?:\/\/example\.com\z/. That's the syntax for a regex literal

johnknapp commented 1 year ago

Thank you Calvin! That did the trick!

I first tried with quotes which did not work. After removing the quotes, with the forward slashes instead, life is good!!

Just as you recommended, the block looks like this:

allow do
  origins /\Ahttps?:\/\/example\.com\z/
  resource '*', credentials: true, headers: :any, max_age: 600, methods: allowed_methods
end

Our dev team will be so happy that our GH preview builds work now!

Thanks again and keep up the good work on rack-cors!