Skip to content

CORS allow multiple domains #8516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
3 tasks done
MarcDerhammer opened this issue Apr 25, 2023 · 4 comments · Fixed by #8517
Closed
3 tasks done

CORS allow multiple domains #8516

MarcDerhammer opened this issue Apr 25, 2023 · 4 comments · Fixed by #8517
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version type:feature New feature or improvement of existing feature

Comments

@MarcDerhammer
Copy link
Contributor

New Feature / Enhancement Checklist

Current Limitation

The current configuration seems to only support one origin or ALL origins (*)

Feature / Enhancement Description

Modify the middlewares' allowCrossDomain function to support comma delimited ALLOW_ORIGIN, look for a matching origin to the request's origin header and set the response header to the match, otherwise just set the header to the first value in the list of allowed origins

Example Use Case

new ParseServer({
  // rest of config
  allowOrigin: 'https://a.com,https://b.com,https://c.com'
})

Then, webapps at a.com, b.com, and c.com will not have CORS issues sending requests, but d.com will not be allowed.

Alternatives / Workarounds

Setting to * (or leaving undefined), allows any origin, but this has security implications.

3rd Party References

https://github.com/expressjs/cors

Notes

I have a patch which I've been using. I'll make a PR soon
@parse-github-assistant
Copy link

Thanks for opening this issue!

  • 🎉 We are excited about your ideas for improvement!

@MarcDerhammer MarcDerhammer mentioned this issue Apr 25, 2023
Merged
2 tasks
@mtrezza mtrezza added the type:feature New feature or improvement of existing feature label Apr 26, 2023
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0-alpha.8

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label May 1, 2023
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0-beta.2

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label May 1, 2023
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label May 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version type:feature New feature or improvement of existing feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Allow multiple origins for header Access-Control-Allow-Origin MarcDerhammer/parse-server
3 participants
@mtrezza @MarcDerhammer @parseplatformorg