Hi

I have enabled Corsica in my Endpoint as such:

plug Corsica, max_age: 600, origins: "*", log: :info, allow_headers: ["accept", "content-type", "authorization", "origin"]

And If I make any requests to my domain, I see the correct access-control-allow-origin: * header.

However, if I request asses such as fonts, the header is not set

Why is this?

UPDATE:

Making any non-staticfile requests to the server logs:

Simple CORS request from Origin 'http://gitchecker.com' is allowed
HEAD /some_non_asset_path

If I request an asset, nothing is logged

It seems likely that the plug that serves static files comes before Corsica in the plug pipeline. Could that be the case?

Indeed it did and moving it fixed the problem. Much appreciated

@madshargreave no worries, my pleasure :)