Set subdomains to AllowOrigins with wildcard

[atsushi-ishibashi]

close: #1300

[codecov]

Codecov Report

Merging #1301 into master will increase coverage by 0.05%.
The diff coverage is 85.71%.

@@            Coverage Diff             @@
##           master    #1301      +/-   ##
==========================================
+ Coverage   84.21%   84.26%   +0.05%     
==========================================
  Files          26       27       +1     
  Lines        1951     1989      +38     
==========================================
+ Hits         1643     1676      +33     
- Misses        202      205       +3     
- Partials      106      108       +2

Impacted Files	Coverage Δ
middleware/cors.go	76.36% <100%> (+1.36%)	⬆️
middleware/util.go	84.37% <84.37%> (ø)
echo.go	88.19% <0%> (+0.04%)	⬆️
middleware/secure.go	93.33% <0%> (+0.47%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 775b2ee...cf1aac1. Read the comment docs.

[vishr]

@atsushi-ishibashi I like the idea of supporting subdomains; however, I would like to see a better algorithm which can support nesting as well. Something like below:

Split origin & allowed origin by . and compare all tokens but *. You need to take care of length in the loop. Perhaps we can pull out this function in a util.go

func IsSubDomain(domain, pattern string) bool {
}

//cc @im-kulikov @alexaandru

[vishr]

• I don't think you need o != "*"
• Make equalScheme() part of isSubdomain()`

[vishr]

I think matchScheme() is a better name

[vishr]

Similar to above matchSubdomain() is a better name

[vishr]

👍