Add support for regex in allowed origins for the CORS filter. by alexdupre · Pull Request #13778

Add support for regex in allowed origins for the CORS filter. by alexdupre · Pull Request #13778 · playframework/playframework

Pull Request Checklist

Have you read How to write the perfect pull request?
Have you read through the contributor guidelines?
Have you referenced any issues you're fixing using commit message keywords?
Have you added copyright headers to new files?
Have you checked that both Scala and Java APIs are updated?
Have you updated the documentation for both Scala and Java sections?
Have you added tests for any changed functionality?

Helpful things

Purpose

This PR adds the ability to use regular expressions when defining the allowed origins for the CORS filter.

Background Context

Sometimes explicitely declaring all allowed origins is not possible, for example when dynamic hostnames under the same domain are used. Currently the only option is to allow any origin, but this is sub-optimal. I've evaluated two different approaches to solve the issue:

add support for wildcards (simpler, but still limited)
add support for regular expressions (more complex, but more flexible)

Considering that other common web frameworks (like Node Express) already support regular expressions, I've opted for the second solution.

The change has been done in a full backward compatible way, so the CORS behavior is unchanged unless the new allowedOriginsAsRegex config parameter is set to true.