Skip to content

SetIsOriginAllowedToAllowWildcardSubdomains requires base origin instead of wildcard #35990

Closed
#36164
Closed
SetIsOriginAllowedToAllowWildcardSubdomains requires base origin instead of wildcard#35990
#36164
Assignees
tdykstracopilot-swe-agent
Labels
Source - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcseQUESTeredIdentifies that an issue has been imported into Quest.security/subsvc
@kedzior-io

Description

@kedzior-io
kedzior-io
opened on Aug 25, 2025

Description

Seem that the setup here does not work for wildcard when SetIsOriginAllowedToAllowWildcardSubdomains is used.

https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-9.0#set-the-allowed-origins

policy.WithOrigins("https://*.example.com")

However base class will:

policy.WithOrigins("https://example.com")

https://x.com/KedziorArtur/status/1960011635512180947

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-9.0#set-the-allowed-origins

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/cors.md

Document ID

d3f332c4-4c60-039e-0e1e-bc6b11831f87

Platform Id

fa70aa3f-a2de-be8b-4255-e778a6edb8ff

Article author

@tdykstra

Metadata

  • ID: 59bca5db-1196-2a8b-a0d8-4e89b2382288
  • PlatformId: fa70aa3f-a2de-be8b-4255-e778a6edb8ff
  • Service: aspnet-core
  • Sub-service: security

Related Issues

Associated WorkItem - 486310

Metadata

Metadata

Assignees

Labels

Source - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcseQUESTeredIdentifies that an issue has been imported into Quest.security/subsvc

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions