CORS允许来源-它可以允许给定父域的所有子域吗? [英] CORS allowed-origins - Can it allow All Sub-domains for a given Parent Domain?

问题描述

我有一个客户希望我们添加接近20个属于他们的Dev，QA，Staging，Production环境的网站URL，例如dev.example.com，qa.example.com，www.example .com.如果我想为每个客户添加这么多URL，那么我的策略列表是 将变得难以管理.

我知道CORS允许的起源是ALL或NOTHING，但是有一种方法可以使Azure APIM的< allowed-origins>策略可以允许仅指定具有通配符子域/cname的父域?

谢谢

范围

解决方案

 

您可以参考以下内容网址以获取更多详细信息:

• https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard- subdomains-ports-and-protocols
•  

  : 该响应包含对第三方万维网站点的引用. Microsoft为方便您而提供此信息. Microsoft不控制这些站点，也没有测试在这些站点上找到的任何软件或信息；所以， Microsoft无法对在此找到的任何软件或信息的质量，安全性或适用性做出任何陈述.使用Internet上发现的任何软件都存在固有的危险，Microsoft提醒您确保自己 在从Internet检索任何软件之前，应完全了解风险.

  如果此答案很有帮助，请单击"标记为答案"或"投票".提供额外的 关于您的论坛体验的反馈，请单击 .
  

I have a customer that wants us to add close to 20 site URLs that belong to their Dev, QA, Staging, Production environments - e.g., dev.example.com, qa.example.com, www.example.com. If I imagine adding these many URLs for each customer, my policy list is going to become hard to manage.

I am aware that CORS allowed origins is ALL or NOTHING, but is there a way that Azure APIM's <allowed-origins> policy can allow to specify just the parent domain with a wildcard subdomain/cname?

Thanks,

Ranga

解决方案

Access-Control-Allow-Origin is set to the current specific protocol + domain + port dynamically without using any rewrite rules.

 

You may refer to the below URLs for more details:

• https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols
• http://starredmediasoft.com/cors-allow-origin-domain-using-wildcard-operator/

 

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

-----------------------------------------------------------------------------------------------

If this answer was helpful, click "Mark as Answer" or "Up-Vote". To provide additional feedback on your forum experience, click here.

这篇关于CORS允许来源-它可以允许给定父域的所有子域吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！