set Access-Control-Allow-Origin header according to origin header #3686
Comments
@irgb I have a branch where I am working on creating CORS headers, but there is a fair bit of logic involved. Should have something up in the next few days.
@dtomcej does this mean that when configured, Traefik returns not only the origin, but also "Vary: Origin" header?
@gheibia This issue does not implement caching headers, since that can easily be configured by the current customheaders configuration. The If it does, it would be a follow-up feature request IMO
Quoting Mozilla's spec (mentioned in the PR):
From that I assumed the
Good Catch on the
I don't think that is how it will work. From my research https://www.w3.org/TR/cors/#access-control-allow-origin-response-header, it would seem that only 3 options are available as a response:
I may be mis-reading the spec, but that's how I read it.
No, you're right about how it should work. By
Of course, if the configuration is
Closed by #3809.
Feature
What did you expect to see?
It seems that Traefik only supports setting Access-Control-Allow-Origin to a fixed value such as "Access-Control-Allow-Origin: *" or "Access-Control-Allow-Origin: https://google.com" via traefik.frontend.headers.customResponseHeaders.
It would be better if we could set Access-Control-Allow-Origin to the origin if the origin satisfies the requirements.
For example:
origin: http://domain1.google.com -> Access-Control-Allow-Origin: http://domain1.google.com
origin: http://domain2.google.com -> Access-Control-Allow-Origin: http://domain2.google.com
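
The behaviour requested above, together with the "Vary: Origin" point raised in the comments, as an added Go example (not Traefik's code and not the implementation from #3809). The names `corsOrigin`, `respond` and `allowedOrigins`, the backend URL and the look-alike host are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedOrigins is a constructed allow list for this example.
var allowedOrigins = map[string]bool{
	"http://domain1.google.com": true,
	"http://domain2.google.com": true,
}

// corsOrigin wraps next and echoes the request Origin back in
// Access-Control-Allow-Origin only on an exact allow-list match.
func corsOrigin(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The response depends on Origin, so caches must key on it
		// even when no CORS header is emitted.
		w.Header().Add("Vary", "Origin")
		origin := r.Header.Get("Origin")
		// Exact string comparison: prefix, suffix or substring checks
		// would also accept look-alike hosts.
		if origin != "" && allowed[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
		}
		next.ServeHTTP(w, r)
	})
}

// respond runs one request with the given Origin through the middleware
// and returns the Access-Control-Allow-Origin and Vary response headers.
func respond(origin string) (acao, vary string) {
	h := corsOrigin(allowedOrigins, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "http://backend.example/", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin"), rec.Header().Get("Vary")
}

func main() {
	for _, o := range []string{"http://domain1.google.com", "http://domain1.google.com.attacker.example", ""} {
		acao, vary := respond(o)
		fmt.Printf("Origin=%q -> ACAO=%q Vary=%q\n", o, acao, vary)
	}
}
```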