Hey folks - wondering if I’m missing something in the CORS config docs or if my very special situation just isn’t supported.
I have to support two pretty different ecosystems:
- A chrome extension that runs everywhere and needs to support JWT-style auth via an Authentication header
- A proper application website on a specific domain that uses HTTP-only cookies for auth
For each of these individually, configuring CORS is easy:
- let it all through
cors:
allow_any_origin: true - a bit more config:
cors:
policies:
- origins:
- https://www.your-app.example.com
allow_credentials: true
However, I can’t do one OR the other. Is this not supported at all, or would I need to pass an empty array to policies and then handle in a rhai script? The only other alternative I can think of would be to deploy separate router infra and hit a separate endpoint based on CX vs. the app.
Open to other thoughts/ideas!