Closed
Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
The current configuration seems to only support one origin or ALL origins (*)
Feature / Enhancement Description
Modify the middlewares' allowCrossDomain function to support comma delimited ALLOW_ORIGIN, look for a matching origin to the request's origin header and set the response header to the match, otherwise just set the header to the first value in the list of allowed origins
Example Use Case
new ParseServer({
// rest of config
allowOrigin: 'https://a.com,https://b.com,https://c.com'
})
Then, webapps at a.com, b.com, and c.com will not have CORS issues sending requests, but d.com will not be allowed.
Alternatives / Workarounds
Setting to * (or leaving undefined), allows any origin, but this has security implications.
3rd Party References
https://github.com/expressjs/cors
Notes
I have a patch which I've been using. I'll make a PR soon