From 8108ba8b8f3b1b31670314419f9cd9c35b5f78fe Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh
Date: Tue, 7 Nov 2023 15:35:45 -0800
Subject: [PATCH 1/3] Adding cors regex
---
 src/registrar/config/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 896691efb..90ca1c421 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -300,7 +300,7 @@ CSP_FORM_ACTION = allowed_sources
 # Sets clients that allow access control to manage.get.gov
 # TODO: remove :8080 to see if we can have all localhost access
 CORS_ALLOWED_ORIGINS = ["http://localhost:8080", "https://beta.get.gov"]
-
+CORS_ALLOWED_ORIGIN_REGEXES = [r"https://\w+\.sites\.pages\.cloud\.gov/"]
 # Content-Length header is set by django.middleware.common.CommonMiddleware
From b67bdc85cab74d1cff7c941166f1a27e515ec2f3 Mon Sep 17 00:00:00 2001
From: Rebecca Hsieh
Date: Tue, 7 Nov 2023 15:47:40 -0800
Subject: [PATCH 2/3] Fix regex
---
 src/registrar/config/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 90ca1c421..2a0a205ea 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -300,7 +300,7 @@ CSP_FORM_ACTION = allowed_sources
 # Sets clients that allow access control to manage.get.gov
 # TODO: remove :8080 to see if we can have all localhost access
 CORS_ALLOWED_ORIGINS = ["http://localhost:8080", "https://beta.get.gov"]
-CORS_ALLOWED_ORIGIN_REGEXES = [r"https://\w+\.sites\.pages\.cloud\.gov/"]
+CORS_ALLOWED_ORIGIN_REGEXES = [r"https:\/\/[\w-]+\.sites\.pages\.cloud\.gov"]
 # Content-Length header is set by django.middleware.common.CommonMiddleware
From 802f8092a7c98f7b527390c905e9c9c415076d83 Mon Sep 17 00:00:00 2001
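Review bot: The new `CORS_ALLOWED_ORIGIN_REGEXES` entry admits every subdomain of `sites.pages.cloud.gov` as a cross-origin client, and nothing next to it says which sites are meant or why a wildcard is needed. If that domain also serves sites this project does not control, each of them becomes an allowed origin, which matters most if credentialed requests are enabled elsewhere in settings (not visible in this hunk). I would either list the specific hostnames in `CORS_ALLOWED_ORIGINS` or add a comment such as `# Preview builds of <site name> are served from <prefix>.sites.pages.cloud.gov; keep this pattern as narrow as those hostnames allow`. The same applies to the revised patterns in PATCH 2/3 and PATCH 3/3.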
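Review bot: The pattern on the added `CORS_ALLOWED_ORIGIN_REGEXES` line in PATCH 2/3 has no end anchor. Assuming this setting is consumed by django-cors-headers, which tests origins with `re.match`, the match is pinned at the start only, so an origin that continues past `cloud.gov` (for example the constructed value `https://name.sites.pages.cloud.gov.example.org`) is accepted as well. Anchor it, `CORS_ALLOWED_ORIGIN_REGEXES = [r"^https://[\w-]+\.sites\.pages\.cloud\.gov$"]`; the final form in PATCH 3/3 needs the same change. `\w` also matches underscore and non-ASCII letters in a Python `str` pattern, so `[a-z0-9-]+` would describe a hostname label more precisely.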
From: Rebecca Hsieh
Date: Wed, 8 Nov 2023 08:43:58 -0800
Subject: [PATCH 3/3] Test removal of backslashes
---
 src/registrar/config/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index 2a0a205ea..37c661e16 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -300,7 +300,7 @@ CSP_FORM_ACTION = allowed_sources
 # Sets clients that allow access control to manage.get.gov
 # TODO: remove :8080 to see if we can have all localhost access
 CORS_ALLOWED_ORIGINS = ["http://localhost:8080", "https://beta.get.gov"]
-CORS_ALLOWED_ORIGIN_REGEXES = [r"https:\/\/[\w-]+\.sites\.pages\.cloud\.gov"]
+CORS_ALLOWED_ORIGIN_REGEXES = [r"https://[\w-]+\.sites\.pages\.cloud\.gov"]
 # Content-Length header is set by django.middleware.common.CommonMiddleware