Is that supposed to happen in the JSON file or the originating request?
This was working as expected until 2.5.0.
If it’s the JSON file, are we now locked out until we fix it on each machine? To fix, would we have to have it load a generic Caddy file, then re-insert our JSON with the fixes?
Looking for the solution with the path of least resistance.
If true, CORS headers will be emitted, and requests to the API will be rejected if their Host and Origin headers do not match the expected value(s). Use origins to customize which origins/hosts are allowed. If origins is not set, the listen address is the only value allowed by default. Enforced only on local (plaintext) endpoint.
So set the Origin header on your request: Origin: http://localhost:2019.
You’re not locked out. You can use caddy load for example. Or just set the Origin header in your request to the proper value.
We have an installer, and it calls “sudo caddy trust”. If this is the first run, where we have not added our JSON, this works. But once the JSON is added, running a new installer instance has an issue.
$ sudo caddy trust --address "http://localhost:2019"
trust: requesting CA info: performing request: Get "http:///localhost:2019/pki/local/certificates": http: no Host in request URL
I am not sure if this is a visual display or if it actually added 3 forward slashes here: http:/// and tried to use that.
Well, two things. First, the address should just be the domain/port, and should not include the scheme. It’s the same thing as you would have in your config.
We don’t schedule our releases. You’re best off building from source for now. It’s really just v2.5.0 plus that one commit; there’s no concern of instability.
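The two fixes from the replies above (a scheme-less `--address` for `caddy trust`, and an explicit `Origin` header on admin API requests), as an added example that is not code from the thread or from Caddy. The function names are hypothetical, `localhost:2019` is the address used in the thread, and `/config/` is only a sample admin path.

```shell
#!/bin/sh
# Added example: installer helpers for an admin endpoint with enforce_origin on.
# Function names are hypothetical; nothing here is taken from Caddy's source.

# Reduce an address to bare host:port, the form `caddy trust --address` expects.
admin_hostport() {
    addr=$1
    addr=${addr#*://}                 # drop a leading scheme such as http://
    while [ "${addr#/}" != "$addr" ]; do
        addr=${addr#/}                # drop stray slashes (e.g. http:///host)
    done
    addr=${addr%%/*}                  # drop any path or trailing slash
    case $addr in
        *:*) printf '%s\n' "$addr" ;;
        *)   echo "not a host:port address: $1" >&2; return 1 ;;
    esac
}

# Origin value the plaintext endpoint accepts when `origins` is not set:
# the listen address itself.
admin_origin() {
    hp=$(admin_hostport "$1") || return 1
    printf 'http://%s\n' "$hp"
}

# GET an admin API path with a matching Host (from the URL) and Origin header.
# Usage: admin_get localhost:2019 /config/
admin_get() {
    hp=$(admin_hostport "$1") || return 1
    curl --silent --show-error --fail \
        -H "Origin: http://$hp" \
        "http://$hp$2"
}

# Install the local CA root, passing the normalized address.
trust_local_ca() {
    hp=$(admin_hostport "$1") || return 1
    sudo caddy trust --address "$hp"
}
```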
This is a very interesting thread. It feels like on that thread SSH was being used (instead of HTTP as in here) and enforce_origin does not (yet?) work on SSH.
It’s possible enforce_origin will never work on SSH (and if it should not, Caddy should reject that configuration) - but should we discuss this there or should I open a new thread?