zach-overflow opened a new issue, #52155: URL: https://github.com/apache/airflow/issues/52155
### Description Currently, Airflow's `api` section's [`access_control_allow_origins`](https://airflow.apache.org/docs/apache-airflow/3.0.2/security/api.html#enabling-cors) option can only specify a wildcard (`*`) or the exact protocol-host-port values (e.g. `http://localhost:1234,https://localhost443`. Ideally, Airflow's `api` config could also support a regex pattern for the allowed origins. ### Use case/motivation Since the various Airflow API `access_control_allow_*` config options are [fed directly into FastAPIs `CORSMiddleware`](https://github.com/apache/airflow/blob/3.0.2/airflow-core/src/airflow/api_fastapi/core_api/app.py#L140-L151), and since that middleware class [has an optional `allow_origin_regex` argument](https://fastapi.tiangolo.com/tutorial/cors/#use-corsmiddleware), it seems natural to extend Airflow's CORS config options to support that field as well. This could prove particularly useful for Airflow deployments which may interact with frontend components operating with dynamic hostnames, as just one example. ### Related issues _No response_ ### Are you willing to submit a PR? - [x] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
