Hi guys, for the `cors` block can we use `*` in it...
# community
Hi guys, for the
block can we use
in it?
Copy code
  - '*.<http://domain.com|domain.com>'
and if so, would the
be allowed?
Hi, It is possible to use
per allowed origin and it matches and allows the
. I am not sure about
uses the
package and I’ve checked the source code for it and come up with a little test by copying over some logic;
Copy code
package cors_test

import (


func TestCors(t *testing.T) {
	rule := "*.<http://domain.com|domain.com>" // the rule given in cerbos configuration
    // if block from <https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/cors.go#L153C21-L153C21>
	var wc wildcard
	if i := strings.IndexByte(rule, '*'); i >= 0 {
		wc = wildcard{rule[0:i], rule[i+1:]}

	testCases := []struct {
		domain string

	for _, testCase := range testCases {
		t.Run(testCase.domain, func(t *testing.T) {
            require.True(t, wc.match(testCase.domain))

// wildcard struct from <https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/utils.go#L9>
type wildcard struct {
	prefix string
	suffix string

// wildcard match method from <https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/utils.go#L14>
func (w wildcard) match(s string) bool {
	return len(s) >= len(w.prefix)+len(w.suffix) && strings.HasPrefix(s, w.prefix) && strings.HasSuffix(s, w.suffix)
All of the subdomain cases seem to pass🤞🏻
Copy code
--- FAIL: TestCors (0.00s)
    --- PASS: TestCors/sub.sub.domain.com (0.00s)
    --- PASS: TestCors/sub.domain.com (0.00s)
    --- FAIL: TestCors/domain.com (0.00s)
thank you!