Setting Up Generic CORS (settings "Origin: *")
-
Re: CORS Setup
The referenced thread mentions the ACP settings as the way of setting the CORS-related headers. However, when I look at the code behind these settings, it seems Access-Control-Allow-Origin is treated a bit differently than advertised. It checks every option there for a match with the requester, and only then appends that header.
Doesn't this create a problem if I want my forum to be api-accessible from anywhere? If I set that setting to
"*"(wildcard), the result is that this header is never sent, because no incoming domain equals"*".Is this a bug or is there something I'm missing?
-
Is it not working at the moment? What header value does the browser return?
Have you tried setting the header with your reverse proxy instead? (Should work as a temporary solution)
-
Yeah, don't worry, it's not urgent and when I'm setting the specific host URL for my client it works. I just realized that looking at the code, setting "*" will not work. However, I also see now that you added '...Origin-regex' in the latest update, so I guess that is a fine workaround.
