How to configure CORS Headers

[mikemorton]

Is there a way to turn off the Access-Control-Allow-Origin: * headers? I found #12 which indicates that there is support for tinkering with this but all of my googling for how to actually manipulate settings just takes me back to that Issue.

Any help appreciated!

[michaelklishin]

Thank you for your time.

Team RabbitMQ uses GitHub issues for specific actionable items engineers can work on. GitHub issues are not used for questions, investigations, root cause analysis, discussions of potential issues, etc (as defined by this team).

We get at least a dozen of questions through various venues every single day, often light on details. At that rate GitHub issues can very quickly turn into a something impossible to navigate and make sense of even for our team. Because GitHub is a tool our team uses heavily nearly every day, the signal/noise ratio of issues is something we care about a lot.

Please post this to rabbitmq-users.

Thank you.

[michaelklishin]

A quick inspection of our WebSocket handler suggests that this is not something that we configure. I suspect that #12 ended up supporting it in Cowboy (the HTTP/WebSocket server we embed) and providing a default. Moved to #127 with more specifics.

[mikemorton]

Okay thank you Michael I'll look into the cowboy configuration.

[michaelklishin]

The only way I know to configure CORS or any other headers in Cowboy is by using a function. As far as I understand it has to happen in our own code, there is no setting for Cowboy. I can be wrong but either way, it would not be obvious to most users.