Skip to content

CORS proxy: Fix custom origin validation during deployment #2698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
brandonpayton merged 15 commits into from
Sep 29, 2025
Merged

CORS proxy: Fix custom origin validation during deployment #2698

brandonpayton merged 15 commits into from
Sep 29, 2025

Conversation

@brandonpayton
Copy link
Member

@brandonpayton brandonpayton commented Sep 29, 2025

Motivation for the change, related issues

We allow customizing the list of origins supported by the CORS proxy, but there is a bug in the deployment script that rejects valid origins within the custom origin list.

Implementation details

This PR:

  • Fixes the validation regex to accept port numbers.
  • Fixes the validation regex to accept arbitrary TLDs.
  • Makes the CUSTOM_SUPPORTED_ORIGINS_SPACE_SEPARATED list a variable instead of a secret so maintainers can edit the list directly. With a secret, the only way items can be added and removed is to know the current value of the secret, but GitHub does not expose the current value.

Testing Instructions (or ideally a Blueprint)

  • CI
  • Manually trigger CORS proxy deployment from this PR branch

@brandonpayton brandonpayton requested a review from a team September 29, 2025 22:11
@brandonpayton brandonpayton self-assigned this Sep 29, 2025
@brandonpayton brandonpayton added [Type] Bug An existing feature does not function as intended [Package][@wp-playground] CORS Proxy labels Sep 29, 2025
@brandonpayton
Copy link
Member Author

brandonpayton commented Sep 29, 2025

This works, and I was able to deploy an update so a separate self-hosted Playground web app could use the CORS proxy with a custom origin.

@brandonpayton brandonpayton merged commit c8738e7 into trunk Sep 29, 2025
24 checks passed
@brandonpayton brandonpayton deleted the fix-public-cors-proxy-deployment-for-custom-origins branch September 29, 2025 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@brandonpayton brandonpayton

Labels

[Package][@wp-playground] CORS Proxy [Type] Bug An existing feature does not function as intended

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brandonpayton