Support CORS wildcard subdomains

EDIT: solved - the underlying GitHub - rs/cors: Go net/http configurable handler to handle CORS requests lib does support literally wildcard subdomains like this - the following Tyk config works as desired:

    "CORS": {
        "enable": true,
        "allowed_origins": ["https://*"]

@tyk-support, I suggest adding this as an example to tyk’s /docs/tyk-apis/tyk-gateway-api/api-definition-objects/cors/ or /docs/frequently-asked-questions/how-to-setup-cors/ (links broken as I’m a new user and cannot post with them)

— original question follows —

I would like to support a CORS allowed_origins of eg “https://*”.

As the CORS standard does not support this natively, only explicitly listed subdomains, the common way of implementing it is to have a dynamic response, where the provided Origin domain is echoed back in the “Access-Control-Allow-Origin” header, as long as it matches the desired regex. For example: cors - Access-Control-Allow-Origin wildcard subdomains, ports and protocols - Stack Overflow

Can Tyk do this? Or do I need to set up a backend to handle all OPTIONS requests to have this logic?

Hi @grantcox. Thanks for your suggestion. We’ve now updated to mention the use of wildcard subdomains.

Thanks again