So I can t seem to get ```install CORS host <http somedomain kotlinlang #ktor

So I can't seem to get ```install(CORS){ host("...

Jørund Amsen

12/02/2019, 12:32 PM

So I can't seem to get

Copy code

install(CORS){
   host("*.<http://somedomain.com|somedomain.com>")
}

to work, does it not support the

*.

notation?

Jørund Amsen

12/02/2019, 12:37 PM

You are absolutely correct, that was just me typing it 😉

Jonathan Mew

12/02/2019, 12:37 PM

cool, removed my now unhelpful comments 🙂

❤️ 1

Jonathan Mew

12/02/2019, 12:41 PM

Does the server start up okay? Can you inspect the requests that you send in your browser okay?

Jørund Amsen

12/02/2019, 12:42 PM

The server starts up, anything in the requests that could be useful?

Jonathan Mew

12/02/2019, 12:52 PM

Actually, looking at the code, it doesn't appear to support the *.domain structure. You can give a list of subdomains, but not a wildcarded parent domain.

Jørund Amsen

12/02/2019, 12:53 PM

Yeah, I seemed to notice the same looking through the code and the tests for it...

Jørund Amsen

12/02/2019, 12:53 PM

I thought this was pretty standard

Jørund Amsen

12/02/2019, 12:53 PM

Can you see if the subdomains perhaps support

Jonathan Mew

12/02/2019, 12:55 PM

from CORS.kt

Copy code

private fun corsCheckOrigins(origin: String): Boolean {
        return allowsAnyHost || normalizeOrigin(origin) in hostsNormalized
    }

Jonathan Mew

12/02/2019, 12:56 PM

Any subdomains are all normalized and added to the

hostsNormalized: HashSet<String>

and that needs to actually contain the request origin according to corsCheckOrigins, so doesn't look like it

Jonathan Mew

12/02/2019, 12:58 PM

Consistent with the spec - maybe there are good security reasons not to allow wildcards https://tools.ietf.org/html/rfc6454#section-7.1

Jørund Amsen

12/02/2019, 1:25 PM

Oh, that's interesting. I feel like I've always used wildcards for subdomains. This is problematic

3 Views

Open in Slack

Previous Next