From 573b30809565949f3de1654b54932a8f8f1b6597 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sel=C3=A7uk=20M=C4=B1ynat?= <selcukmiynat@gmail.com>
Date: Sun, 12 Jun 2016 02:22:29 +0300
Subject: [PATCH 1/3] Match exactly Access-Control-Allow-Headers

---
 flask_cors/core.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/flask_cors/core.py b/flask_cors/core.py
index 747be44..b499371 100644
--- a/flask_cors/core.py
+++ b/flask_cors/core.py
@@ -159,7 +159,7 @@ def get_allow_headers(options, acl_request_headers):
 
         # any header that matches in the allow_headers
         matching_headers = filter(
-            lambda h: try_match_any(h, options.get('allow_headers')),
+            lambda h: try_match_any(h, options.get('allow_headers'), True),
             request_headers
         )
 
@@ -256,17 +256,17 @@ def re_fix(reg):
     return r'.*' if reg == r'*' else reg
 
 
-def try_match_any(inst, patterns):
-    return any(try_match(inst, pattern) for pattern in patterns)
+def try_match_any(inst, patterns, exact_match=False):
+    return any(try_match(inst, pattern, exact_match) for pattern in patterns)
 
 
-def try_match(request_origin, pattern):
+def try_match(request_origin, pattern, exact_match=False):
     """Safely attempts to match a pattern or string to a request origin."""
     try:
         if isinstance(pattern, RegexObject):
             return re.match(pattern, request_origin)
         else:
-            return re.match(pattern, request_origin, flags=re.IGNORECASE)
+            return re.match("^" + pattern + "$" if exact_match else pattern, request_origin, flags=re.IGNORECASE)
     except:
         return request_origin == pattern
 

From aa8c0a5c4a7442b2441055eefbb28f2195185e92 Mon Sep 17 00:00:00 2001
From: Cory Dolphin <corydolphin@gmail.com>
Date: Wed, 22 Jun 2016 18:47:48 -0700
Subject: [PATCH 2/3] WIP

---
 flask_cors/core.py                    | 21 ++++++++++-----------
 flask_cors/extension.py               |  4 ++--
 tests/core/helper_tests.py            |  3 ++-
 tests/extension/test_app_extension.py |  2 +-
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/flask_cors/core.py b/flask_cors/core.py
index b499371..eb106ea 100644
--- a/flask_cors/core.py
+++ b/flask_cors/core.py
@@ -159,7 +159,7 @@ def get_allow_headers(options, acl_request_headers):
 
         # any header that matches in the allow_headers
         matching_headers = filter(
-            lambda h: try_match_any(h, options.get('allow_headers'), True),
+            lambda h: try_match_any(h, options.get('allow_headers')),
             request_headers
         )
 
@@ -256,19 +256,18 @@ def re_fix(reg):
     return r'.*' if reg == r'*' else reg
 
 
-def try_match_any(inst, patterns, exact_match=False):
-    return any(try_match(inst, pattern, exact_match) for pattern in patterns)
+def try_match_any(inst, patterns):
+    return any(try_match(inst, pattern) for pattern in patterns)
 
 
-def try_match(request_origin, pattern, exact_match=False):
+def try_match(request_origin, maybe_regex):
     """Safely attempts to match a pattern or string to a request origin."""
-    try:
-        if isinstance(pattern, RegexObject):
-            return re.match(pattern, request_origin)
-        else:
-            return re.match("^" + pattern + "$" if exact_match else pattern, request_origin, flags=re.IGNORECASE)
-    except:
-        return request_origin == pattern
+    if isinstance(maybe_regex, RegexObject):
+        return re.match(maybe_regex, request_origin)
+    elif probably_regex(maybe_regex):
+        return re.match(maybe_regex, request_origin, flags=re.IGNORECASE)
+    else:
+        return request_origin == maybe_regex
 
 
 def get_cors_options(appInstance, *dicts):
diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index bf19dbb..c609559 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -162,12 +162,12 @@ def cors_after_request(resp):
 
             for res_regex, res_options in resources:
                 if try_match(request.path, res_regex):
-                    LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+                    print("Request to '%s' matches CORS resource '%s'. Using options: %s",
                           request.path, get_regexp_pattern(res_regex), res_options)
                     set_cors_headers(resp, res_options)
                     break
             else:
-                LOG.debug('No CORS rule matches')
+                print('No CORS rule matches')
             return resp
 
         app.after_request(cors_after_request)
diff --git a/tests/core/helper_tests.py b/tests/core/helper_tests.py
index 6d7f630..5501ff8 100644
--- a/tests/core/helper_tests.py
+++ b/tests/core/helper_tests.py
@@ -21,7 +21,8 @@
 
 class InternalsTestCase(unittest.TestCase):
     def test_try_match(self):
-        self.assertTrue(try_match('www.com/foo+', 'www.com/foo'))
+        self.assertFalse(try_match('www.com/foo', 'www.com/fo'))
+        self.assertTrue(try_match('www.com/foo', 'www.com/fo*'))
 
     def test_flexible_str_str(self):
         self.assertEquals(flexible_str('Bar, Foo, Qux'), 'Bar, Foo, Qux')
diff --git a/tests/extension/test_app_extension.py b/tests/extension/test_app_extension.py
index 9d5babb..15706f0 100644
--- a/tests/extension/test_app_extension.py
+++ b/tests/extension/test_app_extension.py
@@ -15,7 +15,7 @@
 
 from flask_cors import *
 from flask_cors.core import *
-
+import logging; logging.basicConfig(level=logging.DEBUG)
 letters = 'abcdefghijklmnopqrstuvwxyz'  # string.letters is not PY3 compatible
 
 class AppExtensionRegexp(FlaskCorsTestCase):

From c1f62fa51077e888cc2814133131efc21e210f04 Mon Sep 17 00:00:00 2001
From: Cory Dolphin <corydolphin@gmail.com>
Date: Thu, 30 Jun 2016 23:24:34 -0700
Subject: [PATCH 3/3] fixups

---
 flask_cors/extension.py               | 4 ++--
 tests/extension/test_app_extension.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index c609559..bf19dbb 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -162,12 +162,12 @@ def cors_after_request(resp):
 
             for res_regex, res_options in resources:
                 if try_match(request.path, res_regex):
-                    print("Request to '%s' matches CORS resource '%s'. Using options: %s",
+                    LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
                           request.path, get_regexp_pattern(res_regex), res_options)
                     set_cors_headers(resp, res_options)
                     break
             else:
-                print('No CORS rule matches')
+                LOG.debug('No CORS rule matches')
             return resp
 
         app.after_request(cors_after_request)
diff --git a/tests/extension/test_app_extension.py b/tests/extension/test_app_extension.py
index 15706f0..9d5babb 100644
--- a/tests/extension/test_app_extension.py
+++ b/tests/extension/test_app_extension.py
@@ -15,7 +15,7 @@
 
 from flask_cors import *
 from flask_cors.core import *
-import logging; logging.basicConfig(level=logging.DEBUG)
+
 letters = 'abcdefghijklmnopqrstuvwxyz'  # string.letters is not PY3 compatible
 
 class AppExtensionRegexp(FlaskCorsTestCase):