multiple entries or wildcards in allow_origin

[havok2063]

Does the Voila.tornado_settings allow_origin key allow multiple entries, or wildcards? In order to use the cookie passing feature, we set "allow_credentials": "true" but with that, we can no longer use a general wildcard in allow_origin: "*". Does voila allow passing a list of allowed domains? or is there a syntax for specifying all subdomains. e.g. *.stsci.edu? I couldn't find anything in the Jupyter server documentation.

[mariobuikhuizen]

I found allow_origin_pat in jupyter_server: https://github.com/jupyter-server/jupyter_server/blob/1a6a481acb43c34fee201cab80774ab69eab5bb6/jupyter_server/base/handlers.py#L297

But it seems to have a bug, which is fixed by:

diff --git a/jupyter_server/base/handlers.py b/jupyter_server/base/handlers.py
index 60d0e5fea..81bf7b36b 100644
--- a/jupyter_server/base/handlers.py
+++ b/jupyter_server/base/handlers.py
@@ -295,7 +295,8 @@ class JupyterHandler(AuthenticatedHandler):
     @property
     def allow_origin_pat(self):
         """Regular expression version of allow_origin"""
-        return self.settings.get("allow_origin_pat", None)
+        pat_str = self.settings.get("allow_origin_pat", None)
+        return re.compile(pat_str) if pat_str else None
​
     @property
     def allow_credentials(self):

I can make a PR for this.

After that, you should be able to use 'allow_origin_pat': 'http[s]?:\/\/.+\.stsci\.edu'

[havok2063]

Oh cool. I completely missed the allow_origin_pat config setting. That should do it.

[havok2063]

@mariobuikhuizen Any update on the PR fix for this?

[havok2063]

I think this is now fixed.