@raj wrote:
I am tried to enable CORS in haproxy 1.5 and getting error:
Access to XMLHttpRequest at ‘https://api.example.com/abc/v2/common/5d64f58d52796b00010b9cf7/dso’ from origin ‘https://sds.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
frontend http-in bind *:80 mode http option forwardfor # Add CORS headers when Origin header is present capture request header origin len 50 http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found } redirect scheme https code 301 if !{ ssl_fc } frontend https-in bind *:443 ssl crt-list /etc/haproxy/certs/crt-list.txt mode http capture request header origin len 50 # Add CORS headers when Origin header is present capture request header origin len 128 http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found } rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
Posts: 1
Participants: 1