Support cors_origins Wildcard domain

dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications

https://mercure.rocks

GNU Affero General Public License v3.0

3.83k stars 278 forks source link

Open f1amy opened 2 weeks ago

f1amy commented 2 weeks ago

Our application is multi-tenant, we're handling users from a dynamic number of subdomains.

We would like to setup authorization for Mercure subscribers, but it seems that it not possible with current configuration.

We've tried: cors_origins https://*.example.com, but Access-Control-Allow-Origin header is not appearing in responses from Mercure.

What can we do to fix this issue?

f1amy commented 2 weeks ago

It looks like using GET parameter authorization will work if we can't currently setup dynamic CORS origins

TheJulienM commented 1 week ago

I'd love to see this feature implemented! I have quite a few subdomains on several sites and it's getting to be a long list ^^