regex for random ngrok.io sites

Question

regex for random ngrok.io sites

aasutossh opened this issue 4 years ago · comments

Sorry about this issue.
I am trying to use CORS_ALLOWED_ORIGIN_REGEXES to whitelist any ngrok.io address.
The generated ngrok.io address is like this: https://da457438d47.ngrok.io.
I tried to use the following regex: r"^https://\w+\.ngrok\.io$", but still getting CORS issues.
If I whitelist the site using CORS_ALLOWED_ORIGINS, then it works.

Adam Johnson · Answer 1 · Mon Sep 07 2020 16:09:49 GMT+0800 (China Standard Time)

Can you check with your browser's devtools network tab the exact Origin header being sent with requests?

Aasutosh Jha · Answer 2 · Mon Sep 07 2020 16:37:58 GMT+0800 (China Standard Time)

I just checked, it's the same as the address I wrote in above comment. https://da457438d47.ngrok.io

Aasutosh Jha · Answer 3 · Mon Sep 07 2020 16:44:27 GMT+0800 (China Standard Time)

One difference I see is, if I use the regex for cors, then there is no Access-Control-Allow-Origin in headers. If I manually entry the address in CORS_ALLOWED_ORIGINS then the required header is present.

Adam Johnson · Answer 4 · Mon Sep 07 2020 17:19:00 GMT+0800 (China Standard Time)

When you set up the regex and run manage.py check, do you see any errors? If you try ^.*$ as the regex, does it work?

Aasutosh Jha · Answer 5 · Mon Sep 07 2020 19:19:14 GMT+0800 (China Standard Time)

No issues, manage.py check returns System check identified no issues (0 silenced).
^.*$ doesn't work either.

Adam Johnson · Answer 6 · Mon Sep 07 2020 19:57:53 GMT+0800 (China Standard Time)

Please reproduce in a fresh demo project. I made a check with the test suite in #572 and everything seems to be working as expected.

Aasutosh Jha · Answer 7 · Tue Sep 08 2020 09:38:33 GMT+0800 (China Standard Time)

So, do I need to update the django-cors-headers package?

Adam Johnson · Answer 8 · Tue Sep 08 2020 17:13:21 GMT+0800 (China Standard Time)

I have no idea since you haven't reported which version you're using.

Please reproduce in a fresh demo project.

This means - send me a new django project that has the bug. Create a project with startproject, make the changes to reproduce the error you're seeing.

Aasutosh Jha · Answer 9 · Thu Sep 10 2020 12:55:17 GMT+0800 (China Standard Time)

I have no idea since you haven't reported which version you're using.

I am using 3.4.0. Sorry about not letting you know the version.
I see there is a newer version. I'll try that and report back.

send me a new django project that has the bug

I'll do that as soon as I am free to do so.

Aasutosh Jha · Answer 10 · Thu Sep 10 2020 13:01:24 GMT+0800 (China Standard Time)

I'll try that and report back.

After update, restarted the server, and tried to access via the ngrok site. Still, not accessible with regex, but accessible with the other option.

udemezue John · Answer 11 · Sat Sep 26 2020 15:14:55 GMT+0800 (China Standard Time)

CORS_ALLOWED_ORIGINS = [
"https://example.com",
"https://sub.example.com",
"http://localhost:8080",
"http://127.0.0.1:9000"
]

Add ur Django url and frontend URL here

Mahmoud Adel · Answer 12 · Tue Jan 19 2021 18:15:52 GMT+0800 (China Standard Time)

I was using 3.4.0 and had the same issue as it was discussed here, upgraded to 3.6.0 and everything is working as expected now.

Aasutosh Jha · Answer 13 · Wed Jan 20 2021 17:08:11 GMT+0800 (China Standard Time)

If it's fixed, maintainers can close it anytime. Thanks. (Not using django anymore).