HAProxy community

Unable to enable CORS in haproxy 1.5

I am tried to enable CORS in haproxy 1.5 and getting error:

Access to XMLHttpRequest at ‘https://api.example.com/abc/v2/common/5d64f58d52796b00010b9cf7/dso’ from origin ‘https://sds.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

frontend  http-in
        bind *:80
        mode http
        option forwardfor

    # Add CORS headers when Origin header is present
    capture request header origin len 50
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization  if { capture.req.hdr(0) -m found }
redirect scheme https code 301 if !{ ssl_fc }

frontend  https-in
        bind *:443 ssl crt-list /etc/haproxy/certs/crt-list.txt
        mode http
        capture request header origin len 50
# Add CORS headers when Origin header is present
    capture request header origin len 128
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization  if { capture.req.hdr(0) -m found }


I can you help with what haproxy does or doesn’t do, I cannot help with troubleshooting browser security features.

Please show what headers haproxy add’s and what you expect instead. Use curl -vv to generate such a request and post the output.