Setting Up Generic CORS (settings "Origin: *")
Re: CORS Setup
The referenced thread mentions the ACP settings as the way of setting the CORS-related headers. However, when I look at the code behind these settings, it seems Access-Control-Allow-Origin is treated a bit differently than advertised. It checks every option there for a match with the requester, and only then appends that header.
Doesn't this create a problem if I want my forum to be api-accessible from anywhere? If I set that setting to
"*"(wildcard), the result is that this header is never sent, because no incoming domain equals
Is this a bug or is there something I'm missing?
Yeah, don't worry, it's not urgent and when I'm setting the specific host URL for my client it works. I just realized that looking at the code, setting "*" will not work. However, I also see now that you added '...Origin-regex' in the latest update, so I guess that is a fine workaround.