Hi folks.
I override CORS on haproxy level for some origin.
I use next rules:
frontend
...
http-request set-var(txn.origin) req.hdr(Origin)
acl override_cors var(txn.origin) -m end -i console.XXX
acl override_cors var(txn.origin) -m sub -i console.XXX
http-request set-var(txn.override_cors) bool(false) unless override_cors
http-request set-var(txn.override_cors) bool(true) if override_cors
use_backend backend
backend
...
http-response add-header Vary Origin if { var(txn.origin) -m len gt 1 }
acl override_cors var(txn.override_cors),bool
acl res_status_403 status eq 403
http-response set-status 200 if res_status_403 override_cors METH_OPTIONS
http-response set-header Content-Length 0 if override_cors METH_OPTIONS
http-response set-header Access-Control-Allow-Headers origin,\ content-length,\ content-type,\ content-md5 if override_cors
http-response set-header Access-Control-Allow-Origin %[var(txn.origin)] if override_cors
http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ POST,\ OPTIONS,\ PUT,\ DELETE if override_cors
http-response set-header Access-Control-Max-Age 600 if override_cors
...
it works perfectly but my real backend server sends me back 403 with some xml-body. As you can see, i override headers but body sands to clients as is.
How can i drop the body of real server response? Or how can i do not send request to the real server?
haproxy version is 1.8.8 without LUA.