Cross-Origin Resource Sharing (CORS)

Context

Cross-origin resource sharing (CORS) is a mechanism that allows some resources to be requested from another domain. This is usually the case for your application’s assets such as fonts or images you download from a CDN. If not configured properly, you might have errors downloading these assets.

On this documentation page, I will call CDN the server where your assets are stored and my-app your application hosted on Scalingo.

Configuration

On the CDN Side

The CDN must respond with the Access-Control-Allow-Origin header. The value associated to this header must be either a wildcard (*) or the domain name of your application (e.g. https://www.example.com or https://my-app.osc-fr1.scalingo.io).

On your application side

On your application side, you should include the Origin header with your domain name in it. Here is how to do it with various languages:

Examples

  • Ruby: use a gem such as rack-cors,
  • Node.js/Express: use a npm module such as cors,
  • Go: various middlewares exist depending on the web framework you use: this one for the Gin framework, or that one for Martini. You can also have a look at this one which works on top of the standard library.

Suggest edits

Cross-Origin Resource Sharing (CORS)

©2023 Scalingo