Caddy 2.2 CORS setting in Caddyfile not working

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

a. System environment:

CentOS 7

b. Command:

caddy run --config /etc/caddy/Caddyfile

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

(cors) {
        @origin{args.0} header Origin {args.0}
        header @origin{args.0} Access-Control-Allow-Origin "{args.0}"
} {
        root * /usr/share/file/my-blog
        header Access-Control-Allow-Methods "POST, GET, OPTIONS, PUT"
        header Access-Control-Allow-Headers "*"
        import cors
        encode zstd gzip

3. The problem I’m having:

I submit a post request from to which is an API.
I want to generate token from it.

However, in the browser console I got Origin is not allowed by Access-Control-Allow-Origin.

But if I use Chrome extension Moesif CORS I can bypass this registration and everything works fine.

From my understanding I must messing up with the Cadyfile, could you please help me to find where I did wrong in the file?

4. Error messages and/or full log output:

Origin is not allowed by Access-Control-Allow-Origin.

5. What I already tried:

Different format of the Caddyfile.

6. Links to relevant resources:

I think you have CORS backwards actually. Your server is supposed to send CORS headers saying it allows being requested from

1 Like

Thank you for reply! You are right. I’m new to web development so I confused on CORS. Thank you for helping me out. :smiling_face_with_three_hearts:


This topic was automatically closed after 30 days. New replies are no longer allowed.