Enable Cors on my webserver

1. Output of caddy version:


2. How I run Caddy:

I run Caddy on a VPS at Digital Ocean, did not install it using docker, for my domain panamasoberano.com

a. System environment:

Ubuntu 22.04 LTS

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->

d. My complete Caddy config:

(cors) {
  @cors_preflight method OPTIONS
  @cors header Origin {args.0}

  handle @cors_preflight {
    header Access-Control-Allow-Origin "{args.0}"
    header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
    header Access-Control-Allow-Headers "Content-Type"
    header Access-Control-Max-Age "3600"
    respond "" 204

  handle @cors {
    header Access-Control-Allow-Origin "{args.0}"
    header Access-Control-Expose-Headers "Link"

panamasoberano.com {
                # Set this path to your site's directory.

         root * /var/www/
#        root * /usr/share/caddy

        # Enable the static file server.
        import cors https://panamasoberano.com
#       import cors https://panamasoberano.com/.well-known/nostr.json
        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000


3. The problem I’m having:

I just want to use CORS with my webserver and replicate what it is done on nginx just by adding add_header Access-Control-Allow-Origin *; to configuration, the file on my server that needs to use CORS is located here: https://panamasoberano.com/www/.well-known/nostr.json

So I google how to enable CORS on Caddy but so far everything I tried didn’t worked. if anyone can help I will appreciate it, thanks.

4. Error messages and/or full log output:

Paste logs/commands/output here.

5. What I already tried:

6. Links to relevant resources:

Any recommendations?

What’s your evidence that it didn’t work?

You’ll need to be more specific. You haven’t shown us your logs, nor a reproduce case to show that there’s a problem.

Well @francislavoie you are right, I don’t know for sure if it is working since I don’t even know where the logs are located, I’m a total newbie, but I tested the site at https://www.test-cors.org/ from the results my assumption is that something is wrong but I can be totally wrong, and these were the results from that site:


var createCORSRequest = function(method, url) {
var xhr = new XMLHttpRequest();
if (“withCredentials” in xhr) {
// Most browsers.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != “undefined”) {
// IE8 & IE9
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// CORS not supported.
xhr = null;
return xhr;

var url = ‘https://panamasoberano.com’;
var method = ‘GET’;
var xhr = createCORSRequest(method, url);

xhr.onload = function() {
// Success code goes here.

xhr.onerror = function() {
// Error code goes here.


This topic was automatically closed after 30 days. New replies are no longer allowed.