Context

Cross-origin resource sharing (CORS) is a mechanism that allows some resources to be requested from another domain. This is usually the case for your application’s assets such as fonts or images you download from a CDN. If not configured properly, you might have errors downloading these assets.

The Scalingo platform does not inject or modify CORS headers in any way. This is the sole responsibility of the application.

On this documentation page, I will call CDN the server where your assets are stored and my-app your application hosted on Scalingo.

Configuration

On the CDN Side

The CDN must respond with the Access-Control-Allow-Origin header. The value associated to this header must be either a wildcard (*) or the domain name of your application (e.g. https://www.example.com or https://my-app.osc-fr1.scalingo.io).

On your application side

On your application side, you should include the Origin header with your domain name in it. Here is how to do it with various languages:

Examples

• Ruby: use a gem such as rack-cors,
• Node.js/Express: use a npm module such as cors,
• Go: various middlewares exist depending on the web framework you use: this one for the Gin framework, or that one for Martini. You can also have a look at this one which works on top of the standard library.