Can I configure :allow-origin
to allow all subdomains from a certain domain?
or should I use a function of the ctx and look at the request headers?
@borkdude https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS "*" is valid for that header
I know, but what about not allowing other domains?
Ah, it also supports a vector (looked at the tests), that’s good enough for me
I'm betting *.http://foo.com would work