wikisky

Reputation: 345

Issues with setting up HAProxy to properly return CORS headers

I need help with CORS headers and HAProxy configuration.

I have added the following to the haproxy config:

    # Add CORS headers when Origin header is present
    capture request header origin len 128
    http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if { capture.req.hdr(0) -m found }

It seems it returns CORS headers to the browser, but I'm still getting 403 Forbidden on JSON calls from the browser. Here's the URL I'm trying to call:

https://ipfs.blockchaingraph.org:5001/api/v0/cat/QmdKPs1N6gH3R62BGssakAaEdFv14rp6fVVQy36yzdFQdT

When I try a similar third-party query, it works just fine:

https://ipfs.infura.io:5001/api/v0/cat/QmdKPs1N6gH3R62BGssakAaEdFv14rp6fVVQy36yzdFQdT

I compared the headers from both responses. Both look similar. I'm puzzled about what I'm missing here.

I suspect the back-end server is blocking requests based on some headers. I tried to remove Origin with "http-request del-header Origin", but it didn't help.

Upvotes: 1

Views: 3754

Answers (1)

wikisky

Reputation: 345

Yes, it was the back-end server rejecting requests. The issue went away when I added Referer header deletion to the haproxy config:

    http-request del-header Origin
    http-request del-header Referer

Upvotes: 1
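
The configuration in the question echoes back whatever Origin the browser sends while also setting Access-Control-Allow-Credentials to true, and the answer removes Origin and Referer before the back end sees them, so any header-based check the back end did no longer applies. The following is an added example, not the poster's configuration, that keeps both changes but ties them to an exact-match allow-list enforced at the proxy; the section names, the bind and server addresses and the example.org origins are placeholders.

```haproxy
# Added example; names, addresses and origins below are placeholders.
frontend api_in
    mode http
    bind :5001

    # Keep the request's Origin so it is still available in the response phase.
    http-request set-var(txn.origin) req.hdr(Origin)

    # Exact-match allow-list of origins that may make credentialed calls.
    # Include the site's own origin if it POSTs to this API, because
    # browsers send Origin on same-origin POST requests too.
    acl has_origin     var(txn.origin) -m found
    acl origin_allowed var(txn.origin) -m str https://app.example.org https://admin.example.org

    # Reject requests from any other origin here, since the back end
    # cannot judge them once Origin and Referer are deleted below.
    http-request deny if has_origin !origin_allowed

    # Header removal from the answer above.
    http-request del-header Origin
    http-request del-header Referer

    # Echo the origin back only when it matched the allow-list.
    http-response set-header Access-Control-Allow-Origin %[var(txn.origin)] if origin_allowed
    http-response set-header Access-Control-Allow-Credentials true if origin_allowed
    http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if origin_allowed
    http-response set-header Access-Control-Allow-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if origin_allowed
    http-response set-header Access-Control-Expose-Headers X-Stream-Output,\ X-Chunked-Output,\ X-Content-Length if origin_allowed

    # The response differs per Origin, so caches must key on it.
    http-response set-header Vary Origin

    default_backend api_nodes

backend api_nodes
    mode http
    server node1 127.0.0.1:5002
```

Requests that carry no Origin header (curl, server-to-server calls) still pass through untouched, so the API needs its own authentication for those.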
