CORS Settings - all subdomains


#1

Hello HAProxy Community!

I need a little assistance with CORS configuration.

I need to allow CORS from all subdomains on a domain, e.g. *.domain.com. I currently have the following config:

capture request header origin len 128
http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ X-Requested-With,\ Content-Type,\ Accept if { capture.req.hdr(0) -m found }

But I believe this allows wide open CORS. Is there a way to limit it to all subdomains on a domain?

Using HAProxy version 1.5.18

Thanks in advance!