Skip to content

Fix cors match #977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 4, 2025
Merged

Fix cors match #977

merged 8 commits into from
Nov 4, 2025

Conversation

@Cold-Coast
Copy link

@Cold-Coast Cold-Coast commented Oct 25, 2025

Allow matching cors with wildcards like this https://*.*.example.com, https://*.example.com

@or-else or-else changed the base branch from master to devel October 26, 2025 07:36
@or-else
Copy link
Contributor

or-else commented Oct 26, 2025

Please add comments explaining the logic. Thanks!

or-else
or-else reviewed Oct 26, 2025
View reviewed changes
or-else
or-else reviewed Oct 26, 2025
View reviewed changes
or-else
or-else reviewed Oct 26, 2025
View reviewed changes
@or-else
Copy link
Contributor

or-else commented Oct 26, 2025

Also, please consider adding a few examples of supported URLs here:

chat/server/tinode.conf

Line 143 in b6b8959

// Origin URLs allowed to download files, e.g. ["https://www.example.com", "http://example.com"].

@Cold-Coast Cold-Coast closed this Oct 28, 2025
@Cold-Coast Cold-Coast reopened this Oct 28, 2025
or-else
or-else reviewed Oct 29, 2025
View reviewed changes
server/media/media.go Outdated

matched := true
for i, part := range allowedParts {
if part == "*" && (i == 0 || part == allowedParts[i-1]) {
Copy link
Contributor

@or-else or-else Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand the && (i == 0 || part == allowedParts[i-1]). Is it to prevent patterns like abc.*.example.com? Please add a comment with an explanation.

Copy link
Author

@Cold-Coast Cold-Coast Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

turns out that this part was actually unnecessary

@or-else
Copy link
Contributor

or-else commented Nov 3, 2025

Any update on this?

Андрей Верчук added 2 commits November 4, 2025 14:03
@or-else or-else merged commit 11cbbd1 into tinode:devel Nov 4, 2025
@or-else
Copy link
Contributor

or-else commented Nov 4, 2025

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@or-else or-else or-else approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Cold-Coast @or-else