cors plugin: no way to set Origin dynamically per runtime environment

[BassOfLion]

When you generate Goa code with goa-gen the Origin has to be specified in your design. There is no way, as far as I can see, to set Origins based on some properties per desired environment runtime (production, test, local) so that for instance app that runs in the prod environment does not include Origins for test or local environment.

[tchssk]

Have you tried the environment variable?

https://pkg.go.dev/goa.design/plugins/v3@v3.19.1/cors/dsl#Origin

Optionally, you can specify the name of an environment variable instead, prefixed by a "$". The value you store in that environment variable follows the same rules as the above and can similarly be a regular expression.

cors.Origin("$ORIGIN") // Simple example to demonstrate using an environment variable

[BassOfLion]

@tchssk thanks for quick reply. I must have overlooked this line in the docs...

However, I tested this and it still has some limitations for my usage. cors.Origin("$ORIGIN") expects only one valid origin, not a list. So for instance, if I want to use only 2 valid Origins for localhost (http://localhost:3000 and http://somehing:3000), 3 for test, and 1 for prod then it will require to have 3 environment variables where 1 of them will not make sense for local and 2 for prod environments. Else goa cors plugin will throw panic.

Anyways, thanks for the help. I think I will just go over to use this library here https://github.com/rs/cors unless there will be some changes here. You may close the issue.

[tchssk]

The panic seems to be expected behavior, but I think it's fine for the handler to behave like without CORS in this situation.

How do you think? @raphael