homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow to use regular expressions for AccessControlAllowOriginList

Browse source
This commit is contained in:
Luca Guidi 2020-10-29 10:52:03 +01:00 committed by GitHub
parent 699cf71652
commit b5198e63c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 133 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/content/middlewares/headers.md
View file

@ -306,7 +306,7 @@ The `accessControlAllowOriginList` indicates whether a resource can be shared by
A wildcard origin `*` can also be configured, and will match all requests.
If this value is set by a backend server, it will be overwritten by Traefik
This value can contains a list of allowed origins.
This value can contain a list of allowed origins.
More information including how to use the settings can be found on:
@ -316,6 +316,14 @@ More information including how to use the settings can be found on:
Traefik no longer supports the null value, as it is [no longer recommended as a return value](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null).
### `accessControlAllowOriginListRegex`
The `accessControlAllowOriginListRegex` option is the counterpart of the `accessControlAllowOriginList` option with regular expressions instead of origin values.
It will allow all origin that contains any match of a regular expression in the `accessControlAllowOriginList`.
!!! tip
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
### `accessControlExposeHeaders`
The `accessControlExposeHeaders` indicates which headers are safe to expose to the api of a CORS API specification.