Handling CORS with Wildcard Subdomains in Flask-SocketIO

[martenzo7]

Hi,

I'm trying to configure Flask-SocketIO to handle CORS for multiple subdomains (e.g., cors_allowed_origins='*.domain.com').

allowed_origins = [
    'https://*.domain.com',
    'http://*.localdomain.com'
]

socketio = SocketIO(app, cors_allowed_origins=allowed_origins)

However, I noticed that cors_allowed_origins does not support wildcards directly. unless it's from all domains (e.g., cors_allowed_origins='*'). I know I could make a list for all my subdomains but that would take so long since I created a lot of subdomains.

Could you please advise on the best approach to handle CORS with wildcard subdomains for Socket.IO? Is there a recommended way to configure this or any workarounds?

Thanks in advance!

[miguelgrinberg]

CORS with wildcards is not directly supported by the CORS specification, so it has to be implemented as a server-side extension. Unfortunately this is not available in the CORS support that Flask-SocketIO uses at this time, so the options are all domains, or an explicit list of them.