CORS - Origin, getting referrer

1. My Caddy version (caddy version):

2.0 beta 20

2. How I run Caddy:

/var/www/caddy/caddy run --config /var/www/caddy/Caddyfile --resume --environ

a. System environment:

Ubuntu, systemd

d. My complete Caddyfile or JSON config:

        encode gzip
        header {   
                Access-Control-Allow-Credentials true
                Access-Control-Allow-Headers Cache-Control,Content-Type
                Access-Control-Allow-Origin {http.request.header.Referer}

3. The problem I’m having:

In the above config I’m attempting to set the Access-Control-Allow-Origin to be variable based on the user’s origin. I have 3 sites that need access to the API, however to have credentials allowed you cannot use * it needs to specify the domain.

With caddy 1, you were able to specify a list with the cors plugin, I’m trying to figure out how to replicate a similar functionality

4. Error messages and/or full log output:


5. What I already tried:

I’ve checked out the variables here JSON Config Structure - Caddy Documentation and have tried using the http.request.header.Referer value, however that will be the complete URL and I need just the host portion.

If a new variable needs to be added for this I would suggest http.request.origin

6. Links to relevant resources:

Thanks for the question! Can you file an issue to request this feature? Then I won’t forget about it. Sign in to GitHub · GitHub

done: Ddd origin as a variable for CORS settings · Issue #3206 · caddyserver/caddy · GitHub

1 Like

Don’t you want the Origin header instead?

alright must have been a brain fart on my end… I thought I had tried that and was also having issues.

I’ll check we get that on the OPTIONS request as well as the GET/POST/Whatever

1 Like

Yeah, you’re right, I must have made a typo or something while trying it.

I think an alias for this might still be helpful thou in restricting the list of domains. right now i’m using rewrite based on the filters to redirect those with a bad origin.

Great, so, does it work for you now? What kind of alias are you referring to?

Can you share? I want to see!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.