Utilizing cors and headers, we’ve been able to make a pretty solid API endpoint for our needs. Love the work external developers are doing on these fantastic plugins! Caddy has a fantastic community.

Recently, we’ve found the need for a Access-Control-Allow-Headers "If-Match" in our header section. However, I only want to send this header for specific incoming methods, in this case, only on HEAD requests do we send back this header.

If anyone has any insight on how to accomplish this, it would be much appreciated!

/cc @captncraig

Access-Control-Allow-Headers is only ever supplied on the preflight request (HEAD) as per the specification. It should do exactly as you describe.

Relevant source: cors/cors.go at master · captncraig/cors · GitHub

Hmm, so maybe I’m doing this wrong. I should probably be adding If-Match under the cors config like so:

allowed_headers If-Match

@captncraig that look right?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.