-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting up CORS for multiple domains #46
Comments
Hi @smlbiobot
Correct. If Sanic-CORS is adding more than one, that is a bug. Please file an issue about that.
Can you rephrase that in a different way? Do you mean nginx checks the HTTP
Sanic-CORS is a direct port from Flask-CORS, so most of the documentation from Flask-CORS should still apply to Sanic-CORS, including that for the list of valid
That might be a bug, one which may not be picked up by the test suite. I can try to reproduce it and let you know. |
Hi @ashleysommer let me explain what I needed. The way I understand how the Sample code: cors = CORS(
app,
resources={
r"/static/*": {
"origins": [
"https://example.com",
"https://subdomain.example.com",
"https://subdomain2.example.com",
]
}
},
methods=['GET'],
) Expected behavior: Depending on which domain is requesting the resource, it should add these headers:
When I am using this library right now, it always returns the first domain. So e.g. when I request from
Needless to say, that resulted in me not being able to use the resource. Also if it’s important, I am testing this on localhost only, but setting up multiple localhost hostname e.g.:
and I can see even if I had added both to the origins, that only the first item in the list ever gets return. |
same need. |
Ok, this might be caused by something in the porting process between Flask-CORS and Sanic-CORS. Just surprising that the test-suite doesn't pick this up. |
Per Mozilla docs there can only be one
Access-Control-Allow-Origin
header present.To limit access to specific domains, nginx allows you to regex test the incoming host and to match it in the header:
How would I go about doing this with this library? I’ve tried putting a list of domains in the
origins
keyword, as suggested in the Flask-CORS docs but it simply uses the first value in the list.The text was updated successfully, but these errors were encountered: