From 43e644b2a143894b479a23ab24c2b0c40bd2e040 Mon Sep 17 00:00:00 2001
From: o0Ignition0o <jeremy.lempereur@gmail.com>
Date: Thu, 24 Nov 2022 11:49:00 +0100
Subject: [PATCH 1/2] Docs: Update cors match regex example:

fixes #2151

The docs match regex example was wrong, it was missing ^ at the beginning and $ at the end. `$` marks the end of a string, which could be a safety issue.
---
 docs/source/configuration/cors.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/configuration/cors.mdx b/docs/source/configuration/cors.mdx
index 9b1637085e..ce399cf523 100644
--- a/docs/source/configuration/cors.mdx
+++ b/docs/source/configuration/cors.mdx
@@ -40,7 +40,7 @@ cors:
     - https://www.your-app.example.com
     - https://studio.apollographql.com # Keep this so Apollo Studio can run queries against your router
   match_origins:
-    - "https://([a-z0-9]+[.])*api[.]example[.]com" # any host that uses https and ends with .api.example.com
+    - "^https://([a-z0-9]+[.])*api[.]example[.]com$" # any host that uses https and ends with .api.example.com
 ```
 
 You can also disable CORS entirely by setting `origins` to an empty list:

From 803ec2e60408e931ed26f2429aa15b6e94036044 Mon Sep 17 00:00:00 2001
From: o0Ignition0o <jeremy.lempereur@gmail.com>
Date: Thu, 24 Nov 2022 11:54:57 +0100
Subject: [PATCH 2/2] changelog

---
 NEXT_CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
index 8885cd66e2..5655e1f346 100644
--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -145,6 +145,13 @@ By [@col](https://github.com/col) in https://github.com/apollographql/router/pul
 ## 🛠 Maintenance
 ## 📚 Documentation
 
+### Docs: Update cors match regex example ([Issue #2151](https://github.com/apollographql/router/issues/2151))
+
+The docs CORS regex example now displays a working and safe way to allow `HTTPS` subdomains of `api.example.com`.
+
+By [@col](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/2152
+
+
 ### update documentation to reflect new examples structure ([Issue #2095](https://github.com/apollographql/router/pull/2133))
 
 We recently updated the examples directory structure. This fixes the documentation links to the examples. It also makes clear that rhai subgraph fields are read-only, since they are shared resources.