Added comment to clarify why we are using internals from Flask-CORS t…

…o check for regex
vantage6 · Mar 6, 2024 · 1bf1603 · 1bf1603
1 parent a67760a
commit 1bf1603
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/vantage6-server/vantage6/server/__init__.py b/vantage6-server/vantage6/server/__init__.py
@@ -153,6 +153,12 @@ def _warn_if_cors_regex(origins: str | list[str]) -> None:
         properly for socket events (Flask-SocketIO checks for string equality and does
         not use regex).
 
+        Note that we are using the `probably_regex` function from Flask-CORS to check
+        if the origins are probably regular expressions - the Flask implementation for
+        determining if it is a regex is a bit hacky (see
+        https://github.com/corydolphin/flask-cors/blob/3.0.10/flask_cors/core.py#L275-L285)
+        and Flask-CORS doesn't currently offer an opt out of regex's altogether.
+
         Parameters
         ----------
         origins: str | list[str]