cors headers

Sjir Bagmeijer
14 August 2015, 11:23
Hello,

I am helping someone to move to Hiawatha from Nginx. He currently uses the following kind of CORS headers:

(from nginx config):

set $my_host $http_host;
if ($http_host ~ "www.ulyaoth.net") {
    set $my_host "ulyaoth.net";
}

set $cors "";
if ($http_origin ~* (.*\.ulyaoth.net)) {
    set $cors "true";
}

if ($request_method = 'OPTIONS') {
    set $cors "${cors}options";
}

if ($request_method = 'GET') {
    set $cors "${cors}get";
}

if ($request_method = 'POST') {
    set $cors "${cors}post";
}

if ($cors = "trueget") {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';
}

if ($cors = "truepost") {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';
}

if ($cors = "trueoptions") {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type';
    return 204;
}


I know there is the customheader option but I am not sure how you would do it on the request method?
Is there a way to do the same with Hiawatha perhaps?
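Added example, not part of the original post or of either project: a Python model of the posted `$cors` flag logic, for auditing which `Origin` values get reflected together with `Access-Control-Allow-Credentials: true`. The `ANCHORED` pattern, the function names and the sample origins are assumptions made for this illustration; the `POSTED` pattern is the one in the config above, which nginx evaluates as an unanchored, case-insensitive search.

```python
import re

# Pattern exactly as posted: nginx "~*" is a case-insensitive, unanchored
# PCRE search, and the dot before "net" is not escaped.
POSTED = re.compile(r"(.*\.ulyaoth.net)", re.IGNORECASE)
# Assumed stricter form (not from the thread): scheme, one or more subdomain
# labels, escaped dots, optional port, anchored at both ends.
ANCHORED = re.compile(r"^https?://([a-z0-9-]+\.)+ulyaoth\.net(:\d+)?$", re.IGNORECASE)

# Constructed sample Origin values (".example" is a reserved TLD).
SAMPLES = [
    "https://www.ulyaoth.net",          # intended subdomain
    "https://ulyaoth.net",              # apex: no dot before "ulyaoth"
    "https://www.ulyaoth.net.example",  # allowed host used as a prefix
    "https://www.ulyaoth-net.example",  # unescaped dot matches "-"
    "",                                 # request without an Origin header
]

def cors_headers(method, origin, pattern):
    """Mirror the posted $cors flag logic; return the CORS headers added."""
    flag = "true" if origin and pattern.search(origin) else ""
    flag += {"OPTIONS": "options", "GET": "get", "POST": "post"}.get(method, "")
    if flag not in ("trueget", "truepost", "trueoptions"):
        return {}
    headers = {
        "Access-Control-Allow-Origin": origin,  # the request value is echoed back
        "Access-Control-Allow-Credentials": "true",
    }
    if flag == "trueoptions":
        headers.update({
            "Access-Control-Max-Age": "1728000",
            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
            "Access-Control-Allow-Headers": "Accept,Authorization,Cache-Control,Content-Type",
        })
    return headers

def only_posted_accepts(origins):
    """Origins reflected under POSTED but refused under ANCHORED."""
    return [o for o in origins
            if cors_headers("GET", o, POSTED) and not cors_headers("GET", o, ANCHORED)]

if __name__ == "__main__":
    for origin in only_posted_accepts(SAMPLES):
        print("reflected only by the posted pattern:", origin)
```

Whatever sits in front of the backend, an origin check that is anchored at both ends and escapes its dots keeps the credentialed response limited to the intended subdomains.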
Hugo Leisink
14 August 2015, 11:31
Why is this sort of stuff placed in the webserver configuration and not where it really belongs: inside the application's code?
Sjir Bagmeijer
14 August 2015, 11:33
In this case it is a third-party application on the backend that he has no influence over. He requested it, but without them fixing that he has to do it this way, unfortunately. :/
Hugo Leisink
14 August 2015, 12:06
Hiawatha does not support it, and it never will. The webserver configuration is not the place to fix bad programming.
This topic has been closed.