Roman Levytskyi
08/18/2023, 8:53 AM
cors block can we use * in it?

    cors:
      allowedOrigins:
        - '*.domain.com'

and if so, would the my.sub.domain.com be allowed?
oguzhan
* per allowed origin and it matches and allows the sub.domain.com.
I am not sure about my.sub.domain.com. cerbos/cerbos uses the rs/cors package and I’ve checked the source code for it and come up with a little test by copying over some logic;

    package cors_test

    import (
        "strings"
        "testing"

        "github.com/stretchr/testify/require"
    )

    func TestCors(t *testing.T) {
        rule := "*.domain.com" // the rule given in cerbos configuration

        // if block from https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/cors.go#L153C21-L153C21
        var wc wildcard
        if i := strings.IndexByte(rule, '*'); i >= 0 {
            wc = wildcard{rule[0:i], rule[i+1:]}
        }

        testCases := []struct {
            domain string
        }{
            {"sub.sub.domain.com"},
            {"sub.domain.com"},
            {"domain.com"},
        }

        for _, testCase := range testCases {
            t.Run(testCase.domain, func(t *testing.T) {
                require.True(t, wc.match(testCase.domain))
            })
        }
    }

    // wildcard struct from https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/utils.go#L9
    type wildcard struct {
        prefix string
        suffix string
    }

    // wildcard match method from https://github.com/rs/cors/blob/066574eebbd0f5f1b6cd1154a160cc292ac1835e/utils.go#L14
    func (w wildcard) match(s string) bool {
        return len(s) >= len(w.prefix)+len(w.suffix) && strings.HasPrefix(s, w.prefix) && strings.HasSuffix(s, w.suffix)
    }

All of the subdomain cases seem to pass 🤞🏻

    --- FAIL: TestCors (0.00s)
        --- PASS: TestCors/sub.sub.domain.com (0.00s)
        --- PASS: TestCors/sub.domain.com (0.00s)
        --- FAIL: TestCors/domain.com (0.00s)

Roman Levytskyi
08/21/2023, 8:26 AM