@dfang
Created December 31, 2023 11:47
setup caddy 2 cors
(cors) {
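        # Scope the preflight matcher to this origin. A bare `method OPTIONS`
        # matcher lets the first imported origin answer every preflight.
        @cors_preflight{args.0} {
                method OPTIONS
                header Origin {args.0}
        }
        @cors{args.0} header Origin {args.0}
        # @cors{args.0} header Origin "{args.0} Vary Origin"
        # You should always append a Vary: Origin header when you allow multiple origins, see: https://fetch.spec.whatwg.org/#cors-protocol-and-http-caches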
        handle @cors_preflight{args.0} {
                header {
                        Access-Control-Allow-Origin "{args.0}"
                        Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
                        # Access-Control-Allow-Headers *
                        Access-Control-Allow-Headers "Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, x-client-info, authorization, x-upsert, cache-control, apikey"
                        Access-Control-Allow-Credentials "true"
                        Access-Control-Max-Age "3600"
                        defer
                }
                respond "" 204
        }
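        handle @cors{args.0} {
                header {
                        Access-Control-Allow-Origin "{args.0}"
                        # On credentialed requests browsers read "*" here as a literal header name, not a wildcard
                        Access-Control-Expose-Headers *
                        # Access-Control-Allow-Headers *
                        Access-Control-Allow-Headers "Authorization"
                        Access-Control-Allow-Credentials "true"
                        # The response differs per origin, so tell caches to key on Origin
                        +Vary Origin
                        defer
                }
        }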
}


(cors) {
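        # Scope the preflight matcher to this origin. A bare `method OPTIONS`
        # matcher lets the first imported origin answer every preflight.
        @cors_preflight{args.0} {
                method OPTIONS
                header Origin {args.0}
        }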
        @cors{args.0} header Origin {args.0}

        handle @cors_preflight{args.0} {
                header {
                        Access-Control-Allow-Origin "{args.0}"
                        Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
                        Access-Control-Allow-Headers *
                        Access-Control-Max-Age "3600"
                        defer   # turn on defer in the header directive so the new header values are set after proxying
                }
                respond "" 204
        }

        handle @cors{args.0} {
                header {
                        Access-Control-Allow-Origin "{args.0}"
                        Access-Control-Expose-Headers *
                        # The response differs per origin, so tell caches to key on Origin
                        +Vary Origin
                        defer
                }
        }
}

mysite.com {
    import cors https://api.mysite.com
    import cors http://localhost:8080
    reverse_proxy http://localhost:12345
}
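
A check for the headers a `cors` import returns on a normal (non-preflight) response, added here as an example and not part of the gist. The function names `hdr` and `cors_audit` and the sample response are made up for illustration; the hosts are the ones used in the site block above.

```shell
# Added example (not from the gist): audit the CORS headers of one response.
# Live use, with the gist's example hosts:
#   curl -sS -D - -o /dev/null -H 'Origin: http://localhost:8080' \
#     https://mysite.com/ | cors_audit http://localhost:8080

# hdr NAME: print every value of header NAME (given in lowercase) from stdin.
hdr() {
    awk -v want="$1" '{
        sub(/\r$/, "")
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == want) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v
        }
    }'
}

# cors_audit ORIGIN: read raw response headers on stdin, print findings,
# return 0 only when the response is correct for a request from ORIGIN.
cors_audit() {
    origin=$1; rc=0; raw=$(cat)
    acao=$(printf '%s\n' "$raw" | hdr access-control-allow-origin)
    creds=$(printf '%s\n' "$raw" | hdr access-control-allow-credentials)
    expose=$(printf '%s\n' "$raw" | hdr access-control-expose-headers)
    vary=$(printf '%s\n' "$raw" | hdr vary | tr 'A-Z\n' 'a-z,' | tr -d ' ')
    # Exactly one Allow-Origin value, equal to the caller's origin. Two values
    # (for example when the upstream also sets one) show up as a mismatch.
    if [ "$acao" != "$origin" ]; then
        echo "FAIL allow-origin: got '$acao', want '$origin'"; rc=1
    fi
    # Per-origin responses must vary on Origin or a cache may serve the wrong one.
    case ",$vary," in
        *,origin,*) ;;
        *) echo "FAIL vary: Origin not listed"; rc=1 ;;
    esac
    # With credentials, '*' in Expose-Headers is a literal name, not a wildcard.
    if [ "$creds" = true ] && [ "$expose" = '*' ]; then
        echo "FAIL expose-headers: '*' is not a wildcard on credentialed requests"; rc=1
    fi
    return $rc
}

# Constructed sample: a per-origin response that omits Vary.
sample='HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Expose-Headers: *'
printf '%s\n' "$sample" | cors_audit http://localhost:8080 || true
```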
