lmeyer

@greenpau I have the exact same problem. I tried playing around with the CORS settings in my Caddyfile but to no avail. I have the HAR archive if you need...

Sent ! For context I have a Caddy container reverse proxying to subdomains pointing to several other containers .

@greenpau Actually trying your last suggestion got me forward. I added the `Access-Control` headers one by one as I was told they were missing from the browser console. Then I...

@greenpau Nevermind, it looked better because I saw some preflight requests going through but it just took longer to fail. Browser console is saying things like: > Same origin policy...

@greenpau After some tinkering I ended up with the same trick to fool preflight request as @rubydotexe, drawing inspiration from [this](https://enable-cors.org/server_nginx.html), in order to avoid the preflight requests and redirect...

Thanks for your answer @greenpau 1. The thing is I can't say `/api*` because I have several subdomains and thus containers reverse proxied, and they could have any path. I...

@greenpau Ok actually I just saw #24 and that was why it was expiring so fast. CORS issue are also solved (as in no console errors). There's just one minor...

@greenpau My bad, I did have a CORS issue initially 😅 The desired behavior should be that the redirect actually work as soon as the token is expired. But maybe...

@greenpau Yes, as I said in my [previous comment](https://github.com/greenpau/caddy-security/issues/90#issuecomment-1130219460). Session lifespan is fine now.

You should consider a way to disable this if the user wants to rely on external solutions. It would also be great if Caddy-security could provide an integration for [Crowdsec](https://crowdsec.net/)....