Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cors headers #160

Closed
navinSing opened this issue Jan 13, 2016 · 13 comments
Closed

cors headers #160

navinSing opened this issue Jan 13, 2016 · 13 comments

Comments

@navinSing
Copy link

@navinSing navinSing commented Jan 13, 2016

how to add cors headers similar to haproxy's rspadd .. etc

This would be much needed and common feature.

Need a quick fix to add (cors) headers to outgoing messages .. for now.

for ex: in haproxy's backend we add ,..
rspadd Access-Control-Allow-Origin:
rspadd Access-Control-Headers:\

Restrictions on frontends can be added later.

@emilevauge

This comment has been minimized.

Copy link
Member

@emilevauge emilevauge commented Jan 14, 2016

Hi @navinSing, this is certainly an interesting feature. As Traefik uses negroni to manage network middlewares, we could use https://github.com/rs/cors to make it work.
This is not in my top priority for now, would you be interested to make a PR on that?

@navinSing

This comment has been minimized.

Copy link
Author

@navinSing navinSing commented Jan 14, 2016

Hi @emilevauge
can you please give an example to make it work .. rs/cors , or a possible way to intergrate the same for now, as this is blocker for me(any example for the workaround will be helpful); else would have to switch to some other frameworks.

@navinSing

This comment has been minimized.

Copy link
Author

@navinSing navinSing commented Jan 15, 2016

sorry still not sure how to do it .. like rspadd Access-Control-Allow-Origin:\ etc ..

in both frontends and backends

@emilevauge

This comment has been minimized.

Copy link
Member

@emilevauge emilevauge commented Jan 15, 2016

Hi @navinSing, as I said you can't do it right now, some dev is needed to make it work.

@navinSing

This comment has been minimized.

Copy link
Author

@navinSing navinSing commented Jan 15, 2016

any rough timelines..
don't have much hands on with golang ..

@sandstrom

This comment has been minimized.

Copy link

@sandstrom sandstrom commented May 19, 2016

Somewhat related, being able to modify (add/edit/remove) headers in the responses returned from backends would be nice (used for other things too). There is already a broader issue on this open: #30

Just trying to help with some issue-gardening. 🌳 🍃 🌷

@mathieu-pousse

This comment has been minimized.

Copy link

@mathieu-pousse mathieu-pousse commented Jun 7, 2016

@navinSing practically, it is up to your backend to add the CORS headers to the response and to tune the security more than to the reverse proxy.

@michaelkrog

This comment has been minimized.

Copy link

@michaelkrog michaelkrog commented Sep 22, 2016

@navinSing There are certainly situations where CORS from the backend is impractical.

We are in the process of dividing our backend from a monolith to many microservices. Together they expose one API. We do not want each of the services to decide the CORS header. We want one unified CORS header for the whole API – and that would fit nicely in our edge proxy.

Edit
Also, some of our services will be used by other public API's and they would need other CORS headers, when exposed there.

@zytek

This comment has been minimized.

Copy link

@zytek zytek commented Dec 12, 2016

We have >100 services under one API and would also prefer to manage headers on the loadbalancer itself.

@athoune

This comment has been minimized.

Copy link

@athoune athoune commented Feb 12, 2017

there is a lot of security related headers, not just CORS : https://blog.appcanary.com/2017/http-security-headers.html

@andrewmclagan

This comment has been minimized.

Copy link

@andrewmclagan andrewmclagan commented Apr 29, 2017

Any movement on this issue.?

I feel allot of people use traefik as an API gateway, having forward proxy features such as CORS is such a huge win in these cases. Draining the need for each service to manage it independently.

@ldez

This comment has been minimized.

Copy link
Member

@ldez ldez commented Apr 29, 2017

You can track those PR #1292 #1236

@ldez ldez added the priority/P2 label May 30, 2017
@ldez

This comment has been minimized.

Copy link
Member

@ldez ldez commented Jun 13, 2017

Closed by #1236.

@ldez ldez closed this Jun 13, 2017
@containous containous locked and limited conversation to collaborators Sep 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
10 participants
You can’t perform that action at this time.