Hi, hope I’m asking at the right place! We want to use a hosted (as in paid) discourse account and embed it on three sites to power their comment sections.
It is my understanding that I would need to whitelist 3 domains as cors origins which I’ve done like so: https://dl.dropboxusercontent.com/s/4zrqarqjln7qj8k/2017-08-16%20at%2020.16.png
It seems however upon some testing that only the first domain is returned: https://dl.dropboxusercontent.com/s/jctq7uejd8lbqbj/2017-08-16%20at%2020.22.png
It is my understanding that it’s not possible to return multiple origins in the cors header. In our company we’ve worked around that by checking the
origin, and matching it against a short whitelist. If it occurs, we return that specific origin for the current request. That way multiple origins can indeed be supported.
Could this be something you’d be willing to support/implement or should we go for a self-hosted solution and hack around this? For one thing, I think the way the interface is now, you would expect it allows multiple origins.
Would be awesome if you’d consider this, as I’m looking forward very much to building a community for our open source projects with discourse! <3