search

greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0
1.49k stars 73 forks source link

question: Preflight requests #312

Open rowanstrydom opened 9 months ago

rowanstrydom commented 9 months ago

A clear and concise description of what you want to accomplish.

I have a very basic caddy file setup which works perfectly. But when requesting a resource from my UI, preflight fails

{
  debug
  order authenticate before respond
  order authorize before basicauth
  security {
      authorization policy acl_policy {
        crypto key verify from env IMAGINARIO_AUTH_JWT_SIGNING_SECRETE
        crypto key token name jwt_access_token
        validate bearer header
        allow roles anonymous
        validate path acl
        disable auth redirect
    }
  }
}

:8080 {
  header {
      Access-Control-Allow-Origin *
      Access-Control-Allow-Methods "GET, OPTIONS"
      Access-Control-Allow-Headers "Authorization, Content-Type"
      Access-Control-Allow-Credentials true
  }
  root * {env.PERSISTENT_STORAGE_DIR}
  route /* {
    authorize with acl_policy
    file_server browse
    }
}

How can I return a 204 for any preflight requests?

Preflight requests