From a065f9e54bc4a65ca531ab2139cee515ea23934d Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Wed, 15 Feb 2023 13:08:49 +0000 Subject: [PATCH] Show how to enable all origins in HTTP CORS section --- docs/src/main/asciidoc/http-reference.adoc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/src/main/asciidoc/http-reference.adoc b/docs/src/main/asciidoc/http-reference.adoc index cc1fed445383b..dace7453e05dc 100644 --- a/docs/src/main/asciidoc/http-reference.adoc +++ b/docs/src/main/asciidoc/http-reference.adoc @@ -328,6 +328,20 @@ quarkus.http.cors.access-control-max-age=24H quarkus.http.cors.access-control-allow-credentials=true ---- +`/https://([a-z0-9\\-_]+)\\.app\\.mydomain\\.com/` is treated as a regular expression because it is surrounded by forward slash characters. + +=== Support all origins in devmode + +Having to configure required origins when you start developing a Quarkus application requiring CORS support can be difficult and, in such cases, you may want to allow all origins in dev mode only in order to focus on the actual development first: + +[source, properties] +---- +quarkus.http.cors=true +%dev.quarkus.http.cors.origins=/.*/ +---- + +It is important that you enable all origins only for the dev profile, allowing all origins in production is not recommended and could expose your applications to serious security issues. + == HTTP Limits Configuration include::{generated-dir}/config/quarkus-vertx-http-config-group-server-limits-config.adoc[leveloffset=+1, opts=optional]