Access-Control-Allow-Origin wildcard subdomains, ports and protocols

by

The CORS spec is all-or-nothing. It only supports *, null or the exact protocol + domain + port: http://www.w3.org/TR/cors/#access-control-allow-origin-response-header

Your server will need to validate the origin header using the regex, and then you can echo the origin value in the Access-Control-Allow-Origin response header.

More Related Contents:

  1. How to resolve ‘preflight is invalid (redirect)’ or ‘redirect is not allowed for a preflight request’
  2. What is an opaque response, and what purpose does it serve?
  3. How to enable Cross domain requests on JAX-RS web services?
  4. Adding Access-Control-Allow-Origin header response in Laravel 5.3 Passport
  5. same-origin policy and CORS – what’s the point?
  6. What is the issue CORS is trying to solve?
  7. How to apply CORS preflight cache to an entire domain
  8. Why are CORS requests failing in Microsoft Edge but working in other browsers?
  9. Why is Access-Control-Expose-Headers needed?
  10. Are there any browsers that set the origin header to “null” for privacy-sensitive contexts?
  11. Why doesn’t adding CORS headers to an OPTIONS route allow browsers to access my API?
  12. “Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
  13. Why does my http://localhost CORS origin not work?
  14. CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
  15. XMLHttpRequest Origin null is not allowed Access-Control-Allow-Origin for file:/// to file:/// (Serverless)
  16. Socket.io + Node.js Cross-Origin Request Blocked
  17. How to create cross-domain request?
  18. AngularJS $http, CORS and http authentication
  19. Angular2 OPTIONS method sent when asking for http.GET [duplicate]
  20. Enable CORS in Spring 5 Webflux?
  21. Ajax call bug with Chrome new version 73.0.3683.75?
  22. AngularJS + Django Rest Framework + CORS ( CSRF Cookie not showing up in client )
  23. ionic app cannot connect cors enabled server with $http
  24. Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
  25. Configure cors to allow all subdomains using ASP.NET Core (Asp.net 5, MVC6, VNext)
  26. CORS error with jquery
  27. MediaElementAudioSource outputs zeroes due to CORS access restrictions
  28. CORS-enabled server not denying requests
  29. CORS enabled but response for preflight has invalid HTTP status code 404 when POSTing JSON
  30. CORS: PHP: Response to preflight request doesn’t pass. Am allowing origin

Leave a Comment