EDIT: solved - the underlying GitHub - rs/cors: Go net/http configurable handler to handle CORS requests lib does support literally wildcard subdomains like this - the following Tyk config works as desired:
"CORS": {
"enable": true,
"allowed_origins": ["https://*.mydomain.com"]
@tyk-support, I suggest adding this as an example to tyk’s /docs/tyk-apis/tyk-gateway-api/api-definition-objects/cors/ or /docs/frequently-asked-questions/how-to-setup-cors/ (links broken as I’m a new user and cannot post with them)
— original question follows —
I would like to support a CORS allowed_origins of eg “https://*.mydomain.com”.
As the CORS standard does not support this natively, only explicitly listed subdomains, the common way of implementing it is to have a dynamic response, where the provided Origin domain is echoed back in the “Access-Control-Allow-Origin” header, as long as it matches the desired regex. For example: cors - Access-Control-Allow-Origin wildcard subdomains, ports and protocols - Stack Overflow
Can Tyk do this? Or do I need to set up a backend to handle all OPTIONS requests to have this logic?