Caddy 2.2 CORS setting in Caddyfile not working

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

a. System environment:

CentOS 7

b. Command:

caddy run --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

None

d. My complete Caddyfile or JSON config:

(cors) {
        @origin{args.0} header Origin {args.0}
        header @origin{args.0} Access-Control-Allow-Origin "{args.0}"
}

myblog.com {
        root * /usr/share/file/my-blog
        file_server
        header Access-Control-Allow-Methods "POST, GET, OPTIONS, PUT"
        header Access-Control-Allow-Headers "*"
        import cors https://login.myblog.com
        tls me@gmail.com
        encode zstd gzip
}

3. The problem I’m having:

I submit a post request from https://myblog.com/login to https://login.myblog.com/auth/login which is an API.
I want to generate token from it.

However, in the browser console I got Origin https://myblog.com is not allowed by Access-Control-Allow-Origin.

But if I use Chrome extension Moesif CORS I can bypass this registration and everything works fine.

From my understanding I must messing up with the Cadyfile, could you please help me to find where I did wrong in the file?

4. Error messages and/or full log output:

Origin https://myblog.com is not allowed by Access-Control-Allow-Origin.

5. What I already tried:

Different format of the Caddyfile.

6. Links to relevant resources:

I think you have CORS backwards actually. Your login.myblog.com server is supposed to send CORS headers saying it allows being requested from myblog.com

Thank you for reply! You are right. I’m new to web development so I confused on CORS. Thank you for helping me out.

This topic was automatically closed after 30 days. New replies are no longer allowed.