Dynamic trustedOrigins
I am trying to do cross sub-domain auth, and its working just fine with cross-domain cookies until I receive a INVALID_ORIGIN error.
My app can generate sub-domains on the fly and these are supposed to be in the trustedOrigins but how can I do this? does it support wildcard or glob matching, I couldn't find any docs around this.
Any help will be appreciated. Thank you.
5 Replies
There is a PR opened to make trustedOrigin a function, from here you can make it dynamic to support each origin.
GitHub
feat: support function for trusted origins configuration by ping-ma...
Updated the trusted origins option to accept either an array or a function returning an array of origins.
Modified middleware and utility functions to handle function-based trusted origins.
Enhance...
Once this is merged you can do it.
managed to set it as a wildcard i.e. *.domain.com (without the protocol) and that worked.
Oh awesome!
Hi guys,
I came across this thread and I'm interested in setting up a dedicated authentication domain (e.g., auth.example.com). Does PR #1151 for "trusted origins" indeed allow for centralizing authentication and sharing session cookies across subdomains (app.example.com, ect ect)?
Thanks for your insights !