Setting Up Generic CORS (settings "Origin: *")

Technical Support
Log in to reply
  • Ludvig Janiuk

    Re: CORS Setup

    The referenced thread mentions the ACP settings as the way of setting the CORS-related headers. However, when I look at the code behind these settings, it seems Access-Control-Allow-Origin is treated a bit differently than advertised. It checks every option there for a match with the requester, and only then appends that header.

    Doesn't this create a problem if I want my forum to be api-accessible from anywhere? If I set that setting to "*" (wildcard), the result is that this header is never sent, because no incoming domain equals "*".

    Is this a bug or is there something I'm missing?

    0
  • PitaJ
    Global Moderator Plugin & Theme Dev

    Is it not working at the moment? What header value does the browser return?

    Have you tried setting the header with your reverse proxy instead? (Should work as a temporary solution)

    0
  • Ludvig Janiuk

    Yeah, don't worry, it's not urgent and when I'm setting the specific host URL for my client it works. I just realized that looking at the code, setting "*" will not work. However, I also see now that you added '...Origin-regex' in the latest update, so I guess that is a fine workaround.

    0

Suggested Topics

| | |

Copyright © 2022 NodeBB | Contributors

Get Started

Resources

Company

Start Free Trial
Github Facebook Instagram Twitter
© 2014 – 2022 NodeBB, Inc. — Made in Canada.