# ktor
j
So I can't seem to get
```
install(CORS){
   host("*.somedomain.com")
}
```
to work, does it not support the `*.` notation?
You are absolutely correct, that was just me typing it 😉
j
cool, removed my now unhelpful comments 🙂
Does the server start up okay? Can you inspect the requests that you send in your browser okay?
j
The server starts up, anything in the requests that could be useful?
j
Actually, looking at the code, it doesn't appear to support the *.domain structure. You can give a list of subdomains, but not a wildcarded parent domain.
j
Yeah, I seemed to notice the same looking through the code and the tests for it...
I thought this was pretty standard
Can you see if the subdomains perhaps support `*`?
j
from CORS.kt
```
private fun corsCheckOrigins(origin: String): Boolean {
    return allowsAnyHost || normalizeOrigin(origin) in hostsNormalized
}
```
Any subdomains are all normalized and added to the `hostsNormalized: HashSet<String>` and that needs to actually contain the request origin according to corsCheckOrigins, so doesn't look like it
Consistent with the spec - maybe there are good security reasons not to allow wildcards https://tools.ietf.org/html/rfc6454#section-7.1
j
Oh, that's interesting. I feel like I've always used wildcards for subdomains. This is problematic