(cors) {
    @cors_preflight{args.0} method OPTIONS
    @cors{args.0} header Origin {args.0}
    handle @cors_preflight{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
            Access-Control-Allow-Headers *
            Access-Control-Max-Age "3600"
            defer
        }
        respond "" 204
    }
    handle @cors{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Expose-Headers *
            defer
        }
    }
}
myawesomewebsite.com {
    root * /srv/public/
    file_server
    import cors https://member.myawesomewebsite.com
    import cors https://customer.myawesomewebsite.com
}
Thank you. Saved my day.
@prawee Glad to hear it. I just updated the gist to include good advice from the comments.
I added the line:
header @origin{args.0} Access-Control-Allow-Headers "content-type, x-requested-with"
Without it, I got the error: "[...] blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response"
@DER-SSt Thanks!
Yes, thanks for the code!
(cors) {
    @cors_preflight{args.0} method OPTIONS
    @cors{args.0} header Origin {args.0}
    handle @cors_preflight{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
            Access-Control-Allow-Headers *
            Access-Control-Max-Age "3600"
            defer # turn on defer on your header directive to make sure the new header values are set after proxying
        }
        respond "" 204
    }
    handle @cors{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Expose-Headers *
            defer
        }
    }
}
myawesomewebsite.com {
    root * /srv/public/
    file_server
    import cors https://member.myawesomewebsite.com
    import cors https://customer.myawesomewebsite.com
}
Yes, it is 👍
reference: https://kalnytskyi.com/posts/setup-cors-caddy-2/
(cors) {
    @cors_preflight{args.0} method OPTIONS
    @cors{args.0} header Origin {args.0}
    handle @cors_preflight{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
            Access-Control-Allow-Headers *
            Access-Control-Max-Age "3600"
            defer # turn on defer on your header directive to make sure the new header values are set after proxying
        }
        respond "" 204
    }
    handle @cors{args.0} {
        header {
            Access-Control-Allow-Origin "{args.0}"
            Access-Control-Expose-Headers *
            defer
        }
    }
}
myawesomewebsite.com {
    root * /srv/public/
    file_server
    import cors https://member.myawesomewebsite.com
    import cors https://customer.myawesomewebsite.com
}
import cors https://member.myawesomewebsite.com
import cors https://customer.myawesomewebsite.com
Two errors reported
Thank you @C8opmBM and @mmm8955405. Gist updated to reflect your suggestions.
@ryanburnette This is finally making it onto the Webi cheatsheet: https://webinstall.dev/caddy
(though right now it's just in preview at https://next.webinstall.dev/caddy)
When you want to enable CORS for ANY domain, you have to use the following configuration:
This is really a very rare case, but in my practice I often configure Caddy in such a way that it stands behind Traefik and is responsible for different domains.
(cors) {
    @cors_preflight method OPTIONS
    header {
        Access-Control-Allow-Origin "{header.origin}"
        Vary Origin
        Access-Control-Expose-Headers "Authorization"
        Access-Control-Allow-Credentials "true"
    }
    handle @cors_preflight {
        header {
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
            Access-Control-Max-Age "3600"
        }
        respond "" 204
    }
}
http:// {
    root * /srv/public/
    file_server
    import cors {header.origin}
}
Feel free to change exposed headers, methods etc :)
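An added example, not part of the gist or of any comment above: an offline audit of CORS response headers, run on responses constructed from the header values in the snippets on this page. It shows what the per-origin snippet and the "ANY domain" snippet each grant to a browser. The probe origin, the finding names and the `audit_cors` helper are assumptions made for illustration.

```python
# Added example, not code from the gist. Sample responses are constructed from
# the header values in the Caddy snippets on this page.
PROBE = "https://untrusted.example"             # constructed probe origin
MEMBER = "https://member.myawesomewebsite.com"  # origin allowlisted in the gist


def audit_cors(sent_origin, headers, trusted=()):
    """Return sorted finding codes for one response to a request from sent_origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return []  # no CORS grant: the browser blocks the cross-origin read
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {t.strip().lower() for t in h.get("vary", "").split(",")}
    findings = set()
    if acao == sent_origin and sent_origin not in trusted:
        findings.add("reflects-untrusted-origin")
        if creds:
            # Any site can read responses fetched with the user's cookies.
            findings.add("credentialed-read-from-any-origin")
    if acao == "*" and creds:
        findings.add("wildcard-origin-rejected-with-credentials")
    if acao != "*" and not vary & {"origin", "*"}:
        # An Origin-dependent response without Vary: Origin can be served
        # from a shared cache to a different origin.
        findings.add("missing-vary-origin")
    for name in ("allow-headers", "allow-methods", "expose-headers"):
        if creds and h.get("access-control-" + name) == "*":
            # With credentials, browsers treat "*" here as a literal name.
            findings.add("wildcard-" + name + "-literal-with-credentials")
    return sorted(findings)


# Constructed: what the "ANY domain" snippet returns to the probe origin.
REFLECTING = {
    "Access-Control-Allow-Origin": PROBE,
    "Vary": "Origin",
    "Access-Control-Expose-Headers": "Authorization",
    "Access-Control-Allow-Credentials": "true",
}
# Constructed: what the per-origin gist returns to an allowlisted origin.
PER_ORIGIN = {
    "Access-Control-Allow-Origin": MEMBER,
    "Access-Control-Expose-Headers": "*",
}

if __name__ == "__main__":
    print(audit_cors(PROBE, REFLECTING))
    print(audit_cors(MEMBER, PER_ORIGIN, trusted=(MEMBER,)))
```

Pass the origins you intend to allow as `trusted`; any origin outside that list that comes back in `Access-Control-Allow-Origin` is reported as reflected.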
@mildsunrise To enable OPTIONS for the preflight request: