Allow to use regular expressions for AccessControlAllowOriginList

docs/content/middlewares/headers.md

@@ -306,7 +306,7 @@ The `accessControlAllowOriginList` indicates whether a resource can be shared by
 A wildcard origin `*` can also be configured, and will match all requests.
 If this value is set by a backend server, it will be overwritten by Traefik
 
-This value can contains a list of allowed origins.
+This value can contain a list of allowed origins.
 
 More information including how to use the settings can be found on:
 
@@ -316,6 +316,14 @@ More information including how to use the settings can be found on:
 
 Traefik no longer supports the null value, as it is [no longer recommended as a return value](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null).
 
+### `accessControlAllowOriginListRegex`
+
+The `accessControlAllowOriginListRegex` option is the counterpart of the `accessControlAllowOriginList` option with regular expressions instead of origin values.
+It will allow all origin that contains any match of a regular expression in the `accessControlAllowOriginList`.
+
+!!! tip
+    Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
+
 ### `accessControlExposeHeaders`
 
 The `accessControlExposeHeaders` indicates which headers are safe to expose to the api of a CORS API specification.

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -36,6 +36,7 @@
 - "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolalloworigin=foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
 - "traefik.http.middlewares.middleware10.headers.addvaryheader=true"

docs/content/reference/dynamic-configuration/file.toml

@@ -153,6 +153,7 @@
         accessControlAllowMethods = ["foobar", "foobar"]
         accessControlAllowOrigin = "foobar"
         accessControlAllowOriginList = ["foobar", "foobar"]
+        accessControlAllowOriginListRegex = ["foobar", "foobar"]
         accessControlExposeHeaders = ["foobar", "foobar"]
         accessControlMaxAge = 42
         addVaryHeader = true

docs/content/reference/dynamic-configuration/file.yaml

@@ -180,6 +180,9 @@ http:
         accessControlAllowOriginList:
         - foobar
         - foobar
+        accessControlAllowOriginListRegex:
+        - foobar
+        - foobar
         accessControlExposeHeaders:
         - foobar
         - foobar

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -45,6 +45,8 @@
 | `traefik/http/middlewares/Middleware10/headers/accessControlAllowOrigin` | `foobar` |
 | `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/0` | `foobar` |
 | `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/1` | `foobar` |
 | `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/0` | `foobar` |
 | `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/1` | `foobar` |
 | `traefik/http/middlewares/Middleware10/headers/accessControlMaxAge` | `42` |