bunkerweb icon indicating copy to clipboard operation
bunkerweb copied to clipboard
verified publisher icon bunkerity

[DOCUMENTATION] How to configure CORS for same-domain but all subdomains?

Open ppenguin opened this issue 3 years ago • 2 comments

What's needed and why ? I'm having a hard time finding out how to configure CORS for multiple subdomains, e.g. like done here in "vanilla" nginx.

How can this be achieved, and it would be very helpful to have this documented?

ppenguin avatar Jun 27 '22 17:06 ppenguin

Hello @ppenguin,

You should be able to do it using custom configuration at server context (NGINX) so server-http (BunkerWeb). More info here : https://docs.bunkerweb.io/1.4/quickstart-guide/#custom-configurations

Anyway, I agree that we need to have some documentation about CORS or maybe even a dedicated core plugin to support it.

fl0ppy-d1sk avatar Jun 28 '22 08:06 fl0ppy-d1sk

@fl0ppy-d1sk Thanks for the info, I'll try my luck (until now I've apparently also been running into syntax errors for my values to the related env vars, probably related to quoting)

Unrelated: the documentation is inconsistent where multiple (reverse proxy) env vars are concerned, i.e. it officially seems to use CUSTOM_HEADER_x with x a number, but also supports (which logically should probably even be mandatory to allow per-domain-application?) my.domain.com_CUSTOM_HEADER_x? So both the domain selector and a sequence (to allow multiple per domain) are presumably supported? To be fair, I might be referring to different sources that are "in the wild", but to counter that making the docs more explicit on that part might help.

ppenguin avatar Jul 01 '22 09:07 ppenguin

Hello @ppenguin,

BunkerWeb now supports CORS settings since 1.4.3, more info here : https://docs.bunkerweb.io/1.4/security-tuning/#cors

fl0ppy-d1sk avatar Aug 26 '22 18:08 fl0ppy-d1sk