search

nelmio / NelmioCorsBundle

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
https://symfony.com/bundles/NelmioCorsBundle/
MIT License
1.89k stars 108 forks source link

Unable to set multiple origins via environment variable #92

Closed frak closed 6 years ago

frak commented 6 years ago

I am trying to set more than one origin and I would ideally like to do this with environment variables to make it easy to change origins in different environments. However I am unaware of any way to define an environment variable as an array, and if I define an array looking string ['host1.com', 'host2.com'] then I get the error:

[Symfony\Component\Config\Definition\Exception\InvalidTypeException] Invalid type for path "nelmio_cors.paths.^/.allow_origin". Expected array, but got string

I am more than happy to have a go at fixing this but was wondering what the best approach would be?

frankdejonge commented 6 years ago

@frak .env vars are strings only. If you need multiple, simply add more .env vars.

frak commented 6 years ago

@frankdejonge thank you for your reply. If I understand you correctly, you are suggesting that I define a new env var for each CORS origin that I want to allow? The problem is that if I then want to add another CORS origin in a specific environment then I will need to change the code to add that parameter, and then provide a value for it across all environments. Or have I misunderstood?

I currently have the following config:

nelmio_cors:
    paths:
        '^/':
            allow_credentials: true
            allow_origin: ['%cors_origin%']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']

Are you suggesting I add another parameter as follows?

nelmio_cors:
    paths:
        '^/':
            allow_credentials: true
            allow_origin: ['%cors_origin%', '%extra_cors_origin%']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']

Also, what value could I use in environments that do not need an extra CORS origin?

Sorry if I am being dumb, I appreciate your time is precious.

frankdejonge commented 6 years ago

@frak then you can just use the same value for both origins, no harm done 👍

frak commented 6 years ago

OK. So in this case there is no benefit in using env vars as it requires a code change anyway. Thank you!

frankdejonge commented 6 years ago

Alternatively you can use a regex origin like: ^https://(domain.nl|other.com)

frak commented 6 years ago

I did not know that was possible - thank you!

frankdejonge commented 6 years ago

The benefit is using env vars is still there, your app is configurable at run-time, you just need to plan ahead.

merk commented 6 years ago

Its possible to use this feature in symfony 4.1 to have a comma separated list of values:

https://github.com/symfony/symfony/pull/25627

There is also a pending PR to allow advanced env vars to be used in config files (which would mean %env(json:CORS_DOMAINS)% to work:

https://github.com/symfony/symfony/pull/23888

g-ra commented 3 years ago

any news ?

harunbuljubasic commented 11 months ago

any news?