I have implemented CORS on my Google App Engine Python app with this code:
approved_origin = 'https://example.com'
self.response.headers.add_header('Access-Control-Allow-Origin', approved_origin)
The problem is that I would like to allow more than one approved origin, and would like to allow both http and https.
Does anyone know if this can be done, and if so, what is the syntax? I do not want to allow all origins with '*'.
You have to maintain a whitelist of allowed origins and include the CORS header if the current request comes from an approved origin. Something like this should work:
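approved_origins = ['https://example.com', 'https://example.info']
# .get() returns None when the request has no Origin header instead of raising KeyError
origin = self.request.headers.get('Origin')
if origin in approved_origins:
    # Echo back only the origin that matched the whitelist
    self.response.headers.add_header('Access-Control-Allow-Origin', origin)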
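Added example, not part of the original answer: a framework-independent version of the whitelist check that covers both http and https for each host, as the question asks, and also sends `Vary: Origin` so a shared cache does not reuse a response generated for a different origin. The host list, `APPROVED_ORIGINS` and `cors_headers` are assumed names for illustration.

```python
# Hypothetical host list for illustration; replace with the sites you trust.
APPROVED_HOSTS = ('example.com', 'example.info')
APPROVED_SCHEMES = ('http', 'https')

# Every allowed origin spelled out in full, so the check below is an exact
# string comparison and never a substring, prefix or suffix match.
APPROVED_ORIGINS = frozenset(
    '%s://%s' % (scheme, host)
    for scheme in APPROVED_SCHEMES
    for host in APPROVED_HOSTS
)


def cors_headers(origin):
    """Return the (name, value) response headers for a request's Origin.

    origin is the raw Origin request header, or None when it is absent.
    """
    # The response depends on the Origin request header, so tell caches.
    headers = [('Vary', 'Origin')]
    # Access-Control-Allow-Origin carries a single origin (or '*'), so the
    # matched origin is echoed back rather than sending the whole list.
    if origin in APPROVED_ORIGINS:
        headers.append(('Access-Control-Allow-Origin', origin))
    return headers


if __name__ == '__main__':
    # Constructed sample Origin values, including ones that must be refused.
    samples = [
        'https://example.com',
        'http://example.info',
        'https://example.com.other.test',  # look-alike host, not whitelisted
        'https://example.com:8443',        # port differs, so a different origin
        'null',                            # sandboxed or file:// contexts
        None,                              # header absent
    ]
    for sample in samples:
        print(repr(sample), '->', cors_headers(sample))
```

In the handler from the question, pass `self.request.headers.get('Origin')` to `cors_headers` and call `self.response.headers.add_header(name, value)` for each returned pair.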