batman-ezio commented on a change in pull request #3839:
URL: https://github.com/apache/apisix/pull/3839#discussion_r597322755
##########
File path: apisix/plugins/cors.lua
##########
@@ -121,19 +137,28 @@ function _M.check_schema(conf)
return false, "you can not set '*' for other option when
'allow_credential' is true"
end
end
+ if conf.allow_origins_by_regex then
+ for i, re_rule in ipairs(conf.allow_origins_by_regex) do
+ local ok, err = re_compile(re_rule, "j")
+ if not ok then
+ return false, err
+ end
+ end
+ end
return true
end
local function set_cors_headers(conf, ctx)
local allow_methods = conf.allow_methods
+ local allow_origins_by_regex = conf.allow_origins_by_regex or {}
if allow_methods == "**" then
allow_methods = "GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS,CONNECT,TRACE"
end
core.response.set_header("Access-Control-Allow-Origin",
ctx.cors_allow_origins)
- if ctx.cors_allow_origins ~= "*" then
+ if ctx.cors_allow_origins ~= "*" or next(allow_origins_by_regex) ~= nil
then
Review comment:
this function set_cors_headers can call not only matched by regex,.
if it matched by `allow_origins = '**'` then it will go here and needs to
add `Vary` Origin header
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
