Setting Up Generic CORS (settings "Origin: *")
Ludvig Janiuk last edited by PitaJ
Re: CORS Setup
The referenced thread mentions the ACP settings as the way of setting the CORS-related headers. However, when I look at the code behind these settings, it seems Access-Control-Allow-Origin is treated a bit differently than advertised. It checks every option there for a match with the requester, and only then appends that header.
Doesn't this create a problem if I want my forum to be api-accessible from anywhere? If I set that setting to
"*"(wildcard), the result is that this header is never sent, because no incoming domain equals
Is this a bug or is there something I'm missing?
Is it not working at the moment? What header value does the browser return?
Have you tried setting the header with your reverse proxy instead? (Should work as a temporary solution)
Ludvig Janiuk last edited by
Yeah, don't worry, it's not urgent and when I'm setting the specific host URL for my client it works. I just realized that looking at the code, setting "*" will not work. However, I also see now that you added '...Origin-regex' in the latest update, so I guess that is a fine workaround.