Whitelisting subdomain doesn't work as expected #474
Description
I'm running cors-anywhere via pm2:
CORSANYWHERE_WHITELIST=https://www.test.mydomain.com/,https://www.mydomain.com/ PORT=8080 pm2 start server.js --name cors-anywhere
when trying to reach it from a subdomain, I get 403:
const r = await fetch("https://cors.mydomain.com/https://some-iframe-url.io/", {
"headers": {
"origin": "https://www.test.mydomain.com/",
}
});
// fails with 403
// The origin "https://www.gamma.vectary.com" was not whitelisted by the operator of this proxy.
But when doing the same from a 2nd level domain, it's all good
const r = await fetch("https://cors.mydomain.com/https://some-iframe-url.io/", {
"headers": {
"origin": "https://www.mydomain.com/",
}
});
// 200 OK
Am I missing anything?