CORS Settings - all subdomains

latitude · August 12, 2016, 10:22am

Hello HAProxy Community!

I need a little assistance with CORS configuration.

I need to allow CORS from all subdomains on a domain, e.g. *.domain.com. I currently have the following config:

capture request header origin len 128
http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ X-Requested-With,\ Content-Type,\ Accept if { capture.req.hdr(0) -m found }

But I believe this allows wide open CORS. Is there a way to limit it to all subdomains on a domain?

Using HAProxy version 1.5.18

Thanks in advance!

avoinea · September 27, 2018, 7:05am

Replace:

with:

http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m end domain.com }

Topic		Replies	Views
Haproxy: Redirect and pass sub-domain value Help!	1	694	May 30, 2021
HAProxy, single domain name, multiple subdomains with SSL Help!	8	9449	March 25, 2019
How to replace domain in haproxy request? Help!	6	3873	March 4, 2022
Lua Cors policy url rewrite Help!	0	614	November 30, 2021
Haproxy redirections with ssl Help!	1	805	April 26, 2017

CORS Settings - all subdomains

Related Topics