Closed willstott101 closed 4 months ago
Hi, thanks for find this! Would you be able to submit a changelist to fix it? I'm not familiar with Caddy.
This works in Caddy2:
header {
Access-Control-Allow-Headers *
Access-Control-Allow-Methods *
Access-Control-Allow-Origin *
}
@options {
method OPTIONS
}
respond @options 204
Just fell into this trap and lost some hours to it, like probably hundreds or thousands of other people. enable-cors.org is the #1 site on google for "caddy cors" and the information has been wrong since Caddy 2 (which is widely branded just "caddy") came out, which is coming up for 4 years ago.
It's not just not working, enable-cors.org is actively giving incorrect information. If you can't update it, just remove it at least so it's not wrong.
Pull created.
Did you try my suggested fragment above? I'm using it in production on dozens of sites.
@joshbmarshall would you be able to create a change? I'm happy to approve, but I'm not familiar with Caddy to make the change myself. If its a matter of just copying/pasting the code from your snippet above, I can do that as well. I'd just like verification that that is the correct snippet. Thanks!
Sure thing I've just created a new page for Caddy 2 and a pull request. I'm using it in production with this setting so I know it is correct.
amazing, this is a way better fix than mine :)
The
cors
extension/directive isn't included by default in v2.run: adapting config using caddyfile: /etc/caddy/Caddyfile:28: unrecognized directive: cors
This post has a bit more information: https://caddy.community/t/v2-how-to-add-the-cors-authorization-via-caddyfile/6567/2
What I think should work is just using the
header
directive directly like this:However I've ended up solving my problem another way, so haven't tested enough to start a PR