I have a Caddyfile which 1) serves a PHP (Api-Platform) app and 2) handles mercure updates (compiled with xcaddy + mercure plugin), which basically looks like this:
So far so good. Now that my Mercure client effectively sends an Authorization header (I didn’t need that before), browser yells “Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.”. So I assume that it performs an OPTIONS request that it did not before. And indeed, OPTIONS /.well-known/mercure returns 405.
So, I wanted to allow it by adding the following snippet, but it just doesn’t work (still 405 returned when i cURL it), wherever I put that snippet into the existing config. Did I miss something?
I didn’t want to ping him first, since it looked to me that it was more a caddy-related issue, considering that I can’t set a directive to respond 204 on a path + method matcher, whether that directive comes before or after the mercure one.
Caddyfile documentation is not 100% clear to me about “when” caddy considers the request is fully matched and responded and won’t execute further (or previous) directives.
Any help appreciated
Caddy sorts directives according to this defined order:
In the case of plugins (i.e. mercure, vulcain), those don’t have an order defined, so you either need to use the order global option to give them one, or use route to force the order to be the order you write it in your config.