Setting Up Generic CORS (settings "Origin: *")



  • Re: CORS Setup

    The referenced thread mentions the ACP settings as the way of setting the CORS-related headers. However, when I look at the code behind these settings, it seems Access-Control-Allow-Origin is treated a bit differently than advertised. It checks every option there for a match with the requester, and only then appends that header.

    Doesn't this create a problem if I want my forum to be api-accessible from anywhere? If I set that setting to "*" (wildcard), the result is that this header is never sent, because no incoming domain equals "*".

    Is this a bug or is there something I'm missing?


  • Global Moderator

    Is it not working at the moment? What header value does the browser return?

    Have you tried setting the header with your reverse proxy instead? (Should work as a temporary solution)



  • Yeah, don't worry, it's not urgent and when I'm setting the specific host URL for my client it works. I just realized that looking at the code, setting "*" will not work. However, I also see now that you added '...Origin-regex' in the latest update, so I guess that is a fine workaround.
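The matching behaviour discussed in this thread, as an added example that is not part of the original posts and is not the forum software's own code. The settings keys (`allowOrigin`, `allowOriginRegex`, `allowCredentials`) and function names are hypothetical; the second function shows explicit wildcard handling plus anchored regex matching.

```javascript
// Hypothetical settings shape: allowOrigin is a comma-separated string as typed
// into an admin panel, allowOriginRegex is an array of pattern strings.
function parseList(value) {
  return String(value || '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Behaviour described in the thread: the header is appended only when a
// configured entry equals the request's Origin, so a literal "*" never matches.
function exactMatchHeaders(settings, requestOrigin) {
  return parseList(settings.allowOrigin).includes(requestOrigin)
    ? { 'Access-Control-Allow-Origin': requestOrigin, Vary: 'Origin' }
    : {};
}

// Variant that treats "*" as a wildcard and supports regex entries.
function corsHeaders(settings, requestOrigin) {
  const allowed = parseList(settings.allowOrigin);
  const credentials = settings.allowCredentials === true;

  // Browsers reject "Access-Control-Allow-Origin: *" on credentialed requests,
  // so the literal wildcard is sent only when credentials are not allowed.
  if (allowed.includes('*') && !credentials) {
    return { 'Access-Control-Allow-Origin': '*' };
  }
  if (!requestOrigin) return {};

  // Anchor every pattern: an unanchored "example\.org" would also match
  // "https://example.org.other.test".
  const patterns = (settings.allowOriginRegex || []).map((p) => new RegExp(`^(?:${p})$`));
  const ok = allowed.includes(requestOrigin) || patterns.some((re) => re.test(requestOrigin));
  if (!ok) return {};

  // When echoing a specific origin, Vary: Origin keeps shared caches from
  // serving one client's response to another origin.
  const headers = { 'Access-Control-Allow-Origin': requestOrigin, Vary: 'Origin' };
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Constructed sample input.
const sampleOrigin = 'https://client.example';
console.log(exactMatchHeaders({ allowOrigin: '*' }, sampleOrigin));
console.log(corsHeaders({ allowOrigin: '*' }, sampleOrigin));
console.log(corsHeaders({ allowOriginRegex: ['https://[a-z]+\\.example\\.org'] }, 'https://app.example.org'));
```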

