The PR in comment 0 introduced a regression in 3.7 that would break the console when a regex were used so we should treat this as a blocker.

While installing the latest version of openshift (atomic-openshift-3.7.4-1.git.0.472090f.el7.x86_64) I ran into an issue when attempting to access the console.

Here is what the api logs on the master showed:
---
Nov 13 17:37:43 ip-172-31-52-55.ec2.internal atomic-openshift-master-api[55302]: I1113 17:37:43.739788   55302 wrap.go:42] GET /console/error?error=&error_description=&error_uri=: (122.196µs) 304 [[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36] 172.31.50.4:22717]
---

The console stated that it had an error:
---
Error
An error has occurred


Return to the console.

---

Then I was pointed to look at the client side javascript which showed this error:
Failed to load https://api.opstest.openshift.com/apis/apiextensions.k8s.io/v1beta1: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://console.opstest.openshift.com' is therefore not allowed access.

After discussing the issue with Jordan, he stated that the regular expression in this PR wasn't quite correct:
https://github.com/openshift/openshift-ansible/pull/5264/files

It was starting at the beginning of the string with the \A (anchor) and was not including the protocol portion of the string.

It also does not include an optional :port.

The new PR https://github.com/openshift/openshift-ansible/pull/6104
attempts to encompass these.

I tested locally and it appeared to fix the console error.

To reproduce the console problem:
1. Install with changes from master
2. Visit the console of the cluster.  (My console was console.opstest.openshift.com)
3. Verify the console error appears.

Picked back into release-3.7 here https://github.com/openshift/openshift-ansible/pull/6107

Verified this bug with openshift-ansible-3.7.8-1.git.0.9a3db79.el7.noarch, and PASS.


corsAllowedOrigins:
- (?i)//127\.0\.0\.1(:|\z)
- (?i)//localhost(:|\z)
- (?i)//172\.18\.8\.68(:|\z)
- (?i)//54\.91\.243\.78(:|\z)
- (?i)//openshift\.default\.svc(:|\z)
- (?i)//kubernetes\.default(:|\z)
- (?i)//kubernetes\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes(:|\z)
- (?i)//openshift\.default(:|\z)
- (?i)//ec2\-54\-91\-243\-78\.compute\-1\.amazonaws\.com(:|\z)
- (?i)//172\.30\.0\.1(:|\z)
- (?i)//ip\-172\-18\-8\-68\.ec2\.internal(:|\z)
- (?i)//openshift\.default\.svc\.cluster\.local(:|\z)
- (?i)//kubernetes\.default\.svc(:|\z)
- (?i)//openshift(:|\z)
- (?i)//foo\.example\.com(:|\z)
- (?i)//bar\.example\.com(:|\z)


Because QE can not reproduce this bug in our own cluster, @Kenny, could you keep an eye on it, once it does not fix your issue, pls reopen this bug.

According to comment 5, move this bug to "VERIFIED".

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188