1

I have a mercure hub written in go and a Procfile at the root of the project. In this Procfile I have a flag:

--cors-allowed-origins='https://mydomain-yes801.app'

It works very well with one domain, But

If I want to change my cors with a regex or two domains like for example:

--cors-allowed-origins='https://mydomain-[a-zA-Z0-9]+.app'

or

--cors-allowed-origins='https://mydomain-yes801.app https://mydomain-yes802.app'

It doesn't work anymore. Is it possible to allow different domain or to use regex ?

Vico-gs
  • 41
  • 2
  • You could optionally allow a second one `--cors-allowed-origins='https://mydomain-[a-zA-Z0-9]+\.app(?: https://mydomain-[a-zA-Z0-9]+.app)?'` https://regex101.com/r/3AyNlO/1 – The fourth bird Feb 18 '22 at 16:09
  • Well even one regex doesn't work, but I tried your solution with to concret domains and it doesn't not work as well ... – Vico-gs Feb 18 '22 at 16:33
  • I think I misread your question, so the first regex also does not work. Are you sure it accepts a regex? Do you know if there is any related documentation? – The fourth bird Feb 18 '22 at 16:40
  • Unfortunnately I'm looking for a documentation but can't find anything. I'm working on a go app that I want to deploy through heroku, but I'm struggling to find any documentation that explain the specific configuration needed and allowed to the associated Procfile. Obviously, it seems the regex aren't allowed as it doesn't work. Can it be the final explanation ? I find it difficult to understand such conclusion for CORS ! – Vico-gs Feb 18 '22 at 16:57
  • Found a temporary solution: --cors-allowed-origins='https://mydomain-yes801.app,https://mydomain-yes802.app' works, I just added a ',' with no space between domains. Regex can't work for in Procfile of a GO app ... – Vico-gs Feb 25 '22 at 16:04
  • 1
    Even if regexp were supported, `https://mydomain-[a-zA-Z0-9]+.app` would be insecure because it would allow `https://mydomain-attackerwhatever.app`. – jub0bs Feb 12 '23 at 14:59

0 Answers0