You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/09/15 06:41:19 UTC

[GitHub] [apisix] spacewander commented on a diff in pull request #7923: fix(cors): allow origins and regex conflict

spacewander commented on code in PR #7923:
URL: https://github.com/apache/apisix/pull/7923#discussion_r971585055


##########
apisix/plugins/cors.lua:
##########
@@ -164,13 +164,11 @@ function _M.check_schema(conf, schema_type)
     if not ok then
         return false, err
     end
-    if conf.allow_credential then
-        if conf.allow_origins == "*" or conf.allow_methods == "*" or
-            conf.allow_headers == "*" or conf.expose_headers == "*" then
-            return false, "you can not set '*' for other option when 'allow_credential' is true"
-        end
-    end
+
+    -- When allow_origins_by_regex is present we need to clear the default value of allow_origins
+    -- first to avoid errors in the check in allow_credential below.
     if conf.allow_origins_by_regex then
+        conf.allow_origins = nil

Review Comment:
   Maybe we should only clear when the value is `*`?
   Otherwise, conf like `allow_origins = "apple', allow_origins_by_regex = "bana*"` will not work.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org