We believe this Wildcard URL meets the validation rules as documented. We are wondering why this wildcard Allowed Origin URL appear to not be working.
The URL https://*.sub2.example.com meets the validation rules, but as documented it won’t actually work for certain scenarios, in particular, it won’t work for:
This is because the ‘www’ prefix is included as the first subdomain. The wildcard can’t match more than one subdomain and in this case they are attempting to match TWO subdomain levels (
If it is possible to remove the '
www' prefix from the URL and run the application from
https://sub1.sub2.example.com, that should work with the wildcard https://*.sub2.example.com.