gin-contrib · arizz96 · Jul 8, 2018 · Jul 8, 2018 · Oct 30, 2019 · Oct 30, 2019
diff --git a/config.go b/config.go
@@ -2,6 +2,7 @@ package cors
 
 import (
 	"net/http"
+	"regexp"
 	"strings"
 
 	"github.com/gin-gonic/gin"
@@ -105,8 +106,14 @@ func (cors *cors) validateOrigin(origin string) bool {
 	if cors.allowAllOrigins {
 		return true
 	}
+	r, _ := regexp.Compile("^\\/(.+)\\/[gimuy]?$")
 	for _, value := range cors.allowOrigins {
-		if value == origin {
+		if r.MatchString(value) {
+			match, _ := regexp.MatchString(r.FindStringSubmatch(value)[1], origin)
+			if match {
+				return true
+			}
+		} else if value == origin {
 			return true
 		}
 	}

diff --git a/cors.go b/cors.go
@@ -2,6 +2,7 @@ package cors
 
 import (
 	"errors"
+	"regexp"
 	"strings"
 	"time"
 
@@ -86,6 +87,14 @@ func (c Config) getAllowedSchemas() []string {
 
 func (c Config) validateAllowedSchemas(origin string) bool {
 	allowedSchemas := c.getAllowedSchemas()
+
+	r, _ := regexp.Compile("^\\/(.+)\\/[gimuy]?$")
+	if r.MatchString(origin) {
+		// Normalize regexp-based origins
+		origin = r.FindStringSubmatch(origin)[1]
+		origin = strings.Replace(origin, "?", "", 1)
+	}
+
 	for _, schema := range allowedSchemas {
 		if strings.HasPrefix(origin, schema) {
 			return true

diff --git a/cors_test.go b/cors_test.go
@@ -92,6 +92,21 @@ func TestBadConfig(t *testing.T) {
 			AllowOrigins: []string{"google.com"},
 		})
 	})
+	assert.Panics(t, func() {
+		New(Config{
+			AllowOrigins: []string{"/http://google.com"},
+		})
+	})
+	assert.Panics(t, func() {
+		New(Config{
+			AllowOrigins: []string{"http?://google.com"},
+		})
+	})
+	assert.Panics(t, func() {
+		New(Config{
+			AllowOrigins: []string{"http?://google.com/g"},
+		})
+	})
 }
 
 func TestNormalize(t *testing.T) {
@@ -263,6 +278,15 @@ func TestValidateOrigin(t *testing.T) {
 	assert.True(t, cors.validateOrigin("https://google.com"))
 	assert.True(t, cors.validateOrigin("example.com"))
 	assert.True(t, cors.validateOrigin("chrome-extension://random-extension-id"))
+
+	cors = newCors(Config{
+		AllowOrigins: []string{"/https?://(?:.+\\.)?google\\.com/g"},
+	})
+	assert.True(t, cors.validateOrigin("http://google.com"))
+	assert.True(t, cors.validateOrigin("https://google.com"))
+	assert.True(t, cors.validateOrigin("https://maps.google.com"))
+	assert.True(t, cors.validateOrigin("https://maps.test.google.com"))
+	assert.False(t, cors.validateOrigin("https://maps.google.it"))
 }
 
 func TestPassesAllowOrigins(t *testing.T) {