How to allow *.<DomainName>.com in allowedOrigins config?

configuration
#1

Hi,
How to configure allowedOrigins property to allow like following example?
for example, I would like to allow www.google.com, business.google.com.
cors {
# Filter paths by a whitelist of path prefixes
pathPrefixes = [""]

# The allowed origins. If null, all origins are allowed.
allowedOrigins = ["*.<domainName>.com"]
(Ignasi Marimon-Clos) #2

Hi @stonekey,

I don’t think that’s supported by browsers:

Although the CORS specification implies that you can list multiple origins in the Access-Control-Allow-Origin header, in practice only a single value is allowed by all modern browsers.

Cheers,

(Greg Methvin) #3

It’s possible to do but it’s just not implemented in Play. If it were implemented, the filter would check the request’s origin against the pattern and send back only the request’s origin in the Access-Control-Allow-Origin header. Looks like someone implemented it here: https://gist.github.com/nyango/5e8dd6f9d0e8c3bf51c7a40899848308