search

miguelgrinberg / Flask-SocketIO

Socket.IO integration for Flask applications.
MIT License
5.35k stars 889 forks source link

Handling CORS with Wildcard Subdomains in Flask-SocketIO #2086

Open martenzo7 opened 1 month ago

martenzo7 commented 1 month ago

Hi,

I'm trying to configure Flask-SocketIO to handle CORS for multiple subdomains (e.g., cors_allowed_origins='*.domain.com'). 

allowed_origins = [
    'https://*.domain.com',
    'http://*.localdomain.com'
]

socketio = SocketIO(app, cors_allowed_origins=allowed_origins)

However, I noticed that cors_allowed_origins does not support wildcards directly. unless it's from all domains (e.g., cors_allowed_origins='*'). I know I could make a list for all my subdomains but that would take so long since I created a lot of subdomains.

Could you please advise on the best approach to handle CORS with wildcard subdomains for Socket.IO? Is there a recommended way to configure this or any workarounds?

Thanks in advance!

miguelgrinberg commented 1 month ago

CORS with wildcards is not directly supported by the CORS specification, so it has to be implemented as a server-side extension. Unfortunately this is not available in the CORS support that Flask-SocketIO uses at this time, so the options are all domains, or an explicit list of them.