request help: cors plugins support domain limit #3759

Closed
miaoyongbin opened this issue Mar 4, 2021 · 7 comments

@miaoyongbin

miaoyongbin commented Mar 4, 2021

Issue description

cors plugins support domain limit

Environment

  • apisix version (cmd: apisix version): v2.3
  • OS (cmd: uname -a):
  • OpenResty / Nginx version (cmd: nginx -V or openresty -V):
  • etcd version, if have (cmd: run curl http://127.0.0.1:9090/v1/server_info to get the info from server-info API):
  • apisix-dashboard version, if have:

Support Action

diff --git a/apisix/plugins/cors.lua b/apisix/plugins/cors.lua
index fc90dc18..360aee77 100644
--- a/apisix/plugins/cors.lua
+++ b/apisix/plugins/cors.lua
@@ -74,6 +74,12 @@ local schema = {
             type = "boolean",
             default = false
         }
+        domamin_limit = {
+            description =
+                "设置允许跨域的域名",
+            type = "str",
+            default = "([^,]+)"
+        },
     }
 }

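Review bot: The new schema entry will not load as written: the `}` that closes the preceding property has no trailing comma before `domamin_limit = {`, and `type = "str"` is not a JSON Schema type (it should be `"string"`). The key is also misspelled (`domamin_limit`), and the description should be in English and state that the value is a regular expression, since the default `"([^,]+)"` is one.
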
@@ -90,7 +96,7 @@ local function create_multiple_origin_cache(conf)
         return nil
     end
     local origin_cache = {}
-    local iterator, err = re_gmatch(conf.allow_origins, "([^,]+)", "jiox")
+    local iterator, err = re_gmatch(conf.allow_origins, conf.domamin_limit, "jiox")
     if not iterator then
         core.log.error("match origins failed: ", err)
         return nil
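Review bot: Passing `conf.domamin_limit` to `re_gmatch` here replaces the pattern that splits the comma-separated `conf.allow_origins` string, so the option changes how the configured list is tokenised and never inspects the request's Origin. Any value other than the default can silently drop or truncate configured entries. Keep `"([^,]+)"` for splitting and, if a domain restriction is wanted, apply a separate anchored match to the incoming Origin value where the request is checked.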
@miaoyongbin
Author

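By default, cross-origin requests are allowed from all domains, which is a security problem. I suggest adding regex matching on the domain name to restrict this.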

@tokers
Contributor

tokers commented Mar 4, 2021

Would you like to submit a pr? Thanks!

@spacewander
Member

We already support this feature. Please read the doc: https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/cors.md

| allow_origins | string | optional | "*" | | Which Origins is allowed to enable CORS, format as: scheme://host:port, for example: https://somehost.com:8081. Multiple origin use `,` to split. |

@miaoyongbin
Author

miaoyongbin commented Mar 5, 2021

> We already support this feature. Please read the doc: https://github.com/apache/apisix/blob/master/docs/en/latest/plugins/cors.md
>
> | allow_origins | string | optional | "*" | | Which Origins is allowed to enable CORS, format as: scheme://host:port, for example: https://somehost.com:8081. Multiple origin use `,` to split. |

If I want to allow *.xxx.cn, what should I write, like "*.xxx.cn" or "xxx.cn"?

@spacewander
Member

spacewander commented Mar 5, 2021

Currently wildcard is not supported. So if you want to match "http://a.xxx.cn" and "https://b.xxx.cn", you need to write "http://a.xxx.cn,https://b.xxx.cn". Note that the scheme is required.

@miaoyongbin
Author

> Currently wildcard is not supported. So if you want to match "http://a.xxx.cn" and "https://b.xxx.cn", you need to write "http://a.xxx.cn,https://b.xxx.cn". Note that the scheme is required.

So, is there a plan to support wildcard matching?

@spacewander
Member

I prefer to add regex match. Create an issue as #3763, pull is welcome!
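
Added example, not part of the thread and not APISIX code: how a comma-separated list of full `scheme://host` entries behaves under exact matching, next to a hypothetical subdomain rule and the unanchored-pattern pitfall that a regex option has to avoid. The function names, the subdomain rule (default port only) and the sample origins are assumptions made for illustration.

```lua
-- Added example, not APISIX code. Plain Lua 5.1/LuaJIT, no ngx.* calls.

-- Split the comma-separated allow_origins value into a lookup set.
local function build_origin_set(allow_origins)
    local set = {}
    for entry in allow_origins:gmatch("([^,]+)") do
        local origin = entry:match("^%s*(.-)%s*$")  -- trim whitespace
        if origin ~= "" then set[origin] = true end
    end
    return set
end

-- Hypothetical "any subdomain of <domain>" rule for one scheme, default port only.
-- Literal string comparison: "." in the domain is never a pattern wildcard.
local function is_subdomain_origin(scheme, domain, origin)
    local prefix, suffix = scheme .. "://", "." .. domain
    if origin:sub(1, #prefix) ~= prefix then return false end
    local host = origin:sub(#prefix + 1)
    if #host <= #suffix or host:sub(-#suffix) ~= suffix then return false end
    -- what precedes ".<domain>" must look like DNS labels, nothing else
    return host:sub(1, #host - #suffix):find("^[%w%-%.]+$") ~= nil
end

-- The pitfall: an unanchored pattern match on the Origin value.
local function is_loose_match(origin)
    return origin:find("xxx.cn") ~= nil
end

local set = build_origin_set("http://a.xxx.cn,https://b.xxx.cn")
local origins = {                       -- constructed sample Origin headers
    "http://a.xxx.cn",                  -- configured entry
    "https://a.xxx.cn",                 -- same host, different scheme
    "https://c.xxx.cn",                 -- subdomain not in the list
    "https://b.xxx.cn.other.example",   -- allowed name used as a prefix
    "https://axxx-cn.example",          -- "." in a pattern also matches "-"
}
for _, origin in ipairs(origins) do
    print(string.format("%-32s exact=%-5s subdomain=%-5s loose=%s", origin,
        tostring(set[origin] == true),
        tostring(is_subdomain_origin("https", "xxx.cn", origin)),
        tostring(is_loose_match(origin))))
end
```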
