You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, the origins that are allowed are passed during the wrapping of the app. They are static and cannot be injected dynamically.
Desired behaviour
My use case is the following: I'm exchanging an http-only session cookie against a JWT on a centralized auth server. The front client is a SPA hosted on a lot of different domains. I need to set allow-credentials to True, and need an actual whitelist.
I can't inject the full list of domains during the app creation: it's too large, and I want to be able to add some in a database without having to reload the flask app.
I'd like to have a hook where I have access to the request headers, and return what should be injected in the Allow-Origin response header. That way I can compare the origin against my dynamic whitelist, and return the origin only if it's a match.
The text was updated successfully, but these errors were encountered:
Current behaviour
Right now, the origins that are allowed are passed during the wrapping of the app. They are static and cannot be injected dynamically.
Desired behaviour
My use case is the following: I'm exchanging an http-only session cookie against a JWT on a centralized auth server. The front client is a SPA hosted on a lot of different domains. I need to set allow-credentials to True, and need an actual whitelist.
I can't inject the full list of domains during the app creation: it's too large, and I want to be able to add some in a database without having to reload the flask app.
I'd like to have a hook where I have access to the request headers, and return what should be injected in the Allow-Origin response header. That way I can compare the origin against my dynamic whitelist, and return the origin only if it's a match.
The text was updated successfully, but these errors were encountered: