From 5c9fae7e6258fd66d026793e7cb03ba9955e3dee Mon Sep 17 00:00:00 2001
From: Kevin Wan <wanjunfeng@gmail.com>
Date: Mon, 25 Apr 2022 21:56:59 +0800
Subject: [PATCH] feat: support sub domain for cors (#1827)

---
 rest/internal/cors/handlers.go      | 3 ++-
 rest/internal/cors/handlers_test.go | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/rest/internal/cors/handlers.go b/rest/internal/cors/handlers.go
index 7bb3f077..e2a64b74 100644
--- a/rest/internal/cors/handlers.go
+++ b/rest/internal/cors/handlers.go
@@ -2,6 +2,7 @@ package cors
 
 import (
 	"net/http"
+	"strings"
 
 	"github.com/zeromicro/go-zero/rest/internal/response"
 )
@@ -81,7 +82,7 @@ func isOriginAllowed(allows []string, origin string) bool {
 			return true
 		}
 
-		if o == origin {
+		if strings.HasSuffix(origin, o) {
 			return true
 		}
 	}
diff --git a/rest/internal/cors/handlers_test.go b/rest/internal/cors/handlers_test.go
index dea7bb4e..4a398ba5 100644
--- a/rest/internal/cors/handlers_test.go
+++ b/rest/internal/cors/handlers_test.go
@@ -31,6 +31,12 @@ func TestCorsHandlerWithOrigins(t *testing.T) {
 			reqOrigin: "http://local",
 			expect:    "http://local",
 		},
+		{
+			name:      "allow sub origins",
+			origins:   []string{"local", "remote"},
+			reqOrigin: "sub.local",
+			expect:    "sub.local",
+		},
 		{
 			name:      "allow all origins",
 			reqOrigin: "http://local",