fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955

2026-06-13 16:40:05 +00:00 · 2026-04-13 19:02:27 +03:00
parent 210c607c53
commit 03f71fd257
1 changed files with 1 additions and 1 deletions
@@ -915,7 +915,7 @@ app.router.add_route('OPTIONS', config.URL_PREFIX + 'delete-cookies', add_cors)
 async def on_prepare(request, response):
    origin = request.headers.get('Origin')
-    if origin and _cors_origins and origin in _cors_origins:
+    if origin and _cors_origins and ('*' in _cors_origins or origin in _cors_origins):
        response.headers['Access-Control-Allow-Origin'] = origin
        response.headers['Access-Control-Allow-Headers'] = 'Content-Type'