Posted to notifications@apisix.apache.org by "Qiuqiu0505 (via GitHub)" <gi...@apache.org> on 2023/03/07 12:00:36 UTC

[GitHub] [apisix] Qiuqiu0505 opened a new issue, #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Qiuqiu0505 opened a new issue, #9027:
URL: https://github.com/apache/apisix/issues/9027

   ### Current Behavior
   
   allow_origins: Origins to allow CORS
   allow_origins_by_regex: Regex to match with origin for enabling CORS.
   
   As a user, when I set the value of allow_origins_by_regex, the origins to allow CORS must be in the range and other origins will fail. But it's not ready.
   In code, the default value of allow origins is '*' and all origins will be passed and allow_origins_by_regex has no effect.
   
   
   
   ### Expected Behavior
   
   In my opinion, allow_origins_by_regex should be considered first. If allow_origins_by_regex has no value, it can judge using allow_origins.
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
    Set the value of allow_origins_by_regex to '.*\\.hisense.com' and allow_origins to '*'. The use of other domain names is also verified.
   
   ### Environment
   
   - APISIX version (run `apisix version`):
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
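
Added example (not part of the original thread and not APISIX code): a Python model of the two precedence rules discussed in this issue, plus a check that flags route configurations where a regex is set while allow_origins is left at the '*' default. The route layout, the comma-separated allow_origins handling, the unanchored regex search and all function names are assumptions made for illustration.

```python
import re

# Pattern from the issue's reproduction step, as it reads after JSON unescaping.
ISSUE_REGEX = r".*\.hisense.com"

def reported_decision(origin, conf):
    """Model of the reported behaviour: allow_origins defaults to '*', and a
    wildcard admits every origin before the regex list is consulted."""
    allow = conf.get("allow_origins", "*")
    if allow == "*" or origin in allow.split(","):
        return True
    return any(re.search(p, origin) for p in conf.get("allow_origins_by_regex", []))

def expected_decision(origin, conf):
    """Model of the reporter's expectation: the regex list is considered first,
    and allow_origins is used only when no regex is configured."""
    patterns = conf.get("allow_origins_by_regex")
    if patterns:
        return any(re.search(p, origin) for p in patterns)
    allow = conf.get("allow_origins", "*")
    return allow == "*" or origin in allow.split(",")

def shadowed_regex_routes(routes):
    """Audit: ids of routes whose cors plugin sets a regex while allow_origins
    is '*' or unset, so the regex restricts nothing under the reported behaviour."""
    hits = []
    for route in routes:
        cors = route.get("plugins", {}).get("cors")
        if cors and cors.get("allow_origins_by_regex") and cors.get("allow_origins", "*") == "*":
            hits.append(route["id"])
    return hits

# Constructed sample routes (not taken from the issue).
ROUTES = [
    {"id": "r1", "plugins": {"cors": {"allow_origins_by_regex": [ISSUE_REGEX]}}},
    {"id": "r2", "plugins": {"cors": {"allow_origins": "https://a.example",
                                      "allow_origins_by_regex": [ISSUE_REGEX]}}},
    {"id": "r3", "plugins": {"cors": {"allow_origins": "*"}}},
]

if __name__ == "__main__":
    conf = ROUTES[0]["plugins"]["cors"]
    for origin in ("https://app.hisense.com", "https://other.example"):
        print(origin, reported_decision(origin, conf), expected_decision(origin, conf))
    print("regex shadowed by wildcard:", shadowed_regex_routes(ROUTES))
```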


[GitHub] [apisix] mscb402 commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "mscb402 (via GitHub)" <gi...@apache.org>.
mscb402 commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1463437760

   > > I think you can set `allow_origins_by_regex` and `allow_origins` together. And manual change `allow_origins`.
   > 
   > @mscb402 Hi, many companies only want the specified range. So they set allow_origins_by_regex to the specified range and do not set allow_origins. At that time, the default value of allow_origins is * and all origins will be passed. This is not in compliance with safety regulations.
   
   Sounds good!




[GitHub] [apisix] Qiuqiu0505 commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "Qiuqiu0505 (via GitHub)" <gi...@apache.org>.
Qiuqiu0505 commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1461856091

   > I don't think this is a bug
   > 
   > https://github.com/apache/apisix/blob/c159f04d845c6cdf2dbb32931da7af127bdb60a6/apisix/plugins/cors.lua#L298-L302
   
   @mscb402 At present, many companies have many security requirements for CORS, and setting Access-Control-Allow-Origin to * is not allowed. Only the specified source domain name is allowed to pass.
   




[GitHub] [apisix] mscb402 commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "mscb402 (via GitHub)" <gi...@apache.org>.
mscb402 commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1461182569

   I don't think this is a bug
   
   https://github.com/apache/apisix/blob/c159f04d845c6cdf2dbb32931da7af127bdb60a6/apisix/plugins/cors.lua#L298-L302




[GitHub] [apisix] boekkooi-lengoo commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "boekkooi-lengoo (via GitHub)" <gi...@apache.org>.
boekkooi-lengoo commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1464016824

   We are having the same problem. We would like to only use `allow_origins_by_regex` and set `allow_origins` to be empty or nil but this is not allowed. 
   However we also have a case where we want to use both `allow_origins_by_regex` and `allow_origins` but I can live with just being allowed to set 1 of them.




[GitHub] [apisix] Qiuqiu0505 commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "Qiuqiu0505 (via GitHub)" <gi...@apache.org>.
Qiuqiu0505 commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1463422737

   > I think you can set `allow_origins_by_regex` and `allow_origins` together. And manual change `allow_origins`.
   
   @mscb402 Hi, many companies only want the specified range. So they set allow_origins_by_regex to the specified range and do not set allow_origins. At that time, the default value of allow_origins is * and all origins will be passed. This is not in compliance with safety regulations.




[GitHub] [apisix] leslie-tsang closed issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "leslie-tsang (via GitHub)" <gi...@apache.org>.
leslie-tsang closed issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified. 
URL: https://github.com/apache/apisix/issues/9027




[GitHub] [apisix] mscb402 commented on issue #9027: bug: If allow_origins_by_regex is not nil,using other domain is also verified.

Posted by "mscb402 (via GitHub)" <gi...@apache.org>.
mscb402 commented on issue #9027:
URL: https://github.com/apache/apisix/issues/9027#issuecomment-1463067680

   I think you can set `allow_origins_by_regex` and `allow_origins` together. And manual change `allow_origins`.

