CORS Settings - all subdomains

latitude · August 12, 2016, 10:22am

Hello HAProxy Community!

I need a little assistance with CORS configuration.

I need to allow CORS from all subdomains on a domain, e.g. *.domain.com. I currently have the following config:

capture request header origin len 128
http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ X-Requested-With,\ Content-Type,\ Accept if { capture.req.hdr(0) -m found }

But I believe this allows wide open CORS. Is there a way to limit it to all subdomains on a domain?

Using HAProxy version 1.5.18

Thanks in advance!

avoinea · September 27, 2018, 7:05am

Replace:

with:

http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m end domain.com }

Topic		Replies	Views
Unable to enable CORS in haproxy 1.5 Help!	1	4221	August 30, 2019
HAProxy CORS setup Help!	0	224	July 8, 2024
CORS configuration HELP! Help!	0	537	February 16, 2023
Haproxy 2.2 ( CORS proper Implementation) Help!	0	885	June 25, 2021
CORS configuration is not working on HAProxy. How to enable it properly? Help!	0	7006	June 7, 2020

CORS Settings - all subdomains

Related topics