The CORS spec is all-or-nothing. It only supports *
, null
or the exact protocol + domain + port: http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
Your server will need to validate the origin header using the regex, and then you can echo the origin value in the Access-Control-Allow-Origin
response header.
More Related Contents:
- How to resolve ‘preflight is invalid (redirect)’ or ‘redirect is not allowed for a preflight request’
- What is an opaque response, and what purpose does it serve?
- How to enable Cross domain requests on JAX-RS web services?
- Adding Access-Control-Allow-Origin header response in Laravel 5.3 Passport
- same-origin policy and CORS – what’s the point?
- What is the issue CORS is trying to solve?
- How to apply CORS preflight cache to an entire domain
- Why are CORS requests failing in Microsoft Edge but working in other browsers?
- Why is Access-Control-Expose-Headers needed?
- Are there any browsers that set the origin header to “null” for privacy-sensitive contexts?
- Why doesn’t adding CORS headers to an OPTIONS route allow browsers to access my API?
- “Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
- Why does my http://localhost CORS origin not work?
- CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
- XMLHttpRequest Origin null is not allowed Access-Control-Allow-Origin for file:/// to file:/// (Serverless)
- Socket.io + Node.js Cross-Origin Request Blocked
- How to create cross-domain request?
- AngularJS $http, CORS and http authentication
- Angular2 OPTIONS method sent when asking for http.GET [duplicate]
- Enable CORS in Spring 5 Webflux?
- Ajax call bug with Chrome new version 73.0.3683.75?
- AngularJS + Django Rest Framework + CORS ( CSRF Cookie not showing up in client )
- ionic app cannot connect cors enabled server with $http
- Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
- Configure cors to allow all subdomains using ASP.NET Core (Asp.net 5, MVC6, VNext)
- CORS error with jquery
- MediaElementAudioSource outputs zeroes due to CORS access restrictions
- CORS-enabled server not denying requests
- CORS enabled but response for preflight has invalid HTTP status code 404 when POSTing JSON
- CORS: PHP: Response to preflight request doesn’t pass. Am allowing origin