No CORS headers on statically served files
madshargreave opened this issue · comments
Mads Hargreave commented
Hi
I have enabled Corsica in my Endpoint as such:
plug Corsica, max_age: 600, origins: "*", log: :info, allow_headers: ["accept", "content-type", "authorization", "origin"]
And If I make any requests to my domain, I see the correct access-control-allow-origin: *
header.
However, if I request asses such as fonts, the header is not set
Why is this?
UPDATE:
Making any non-staticfile requests to the server logs:
Simple CORS request from Origin 'http://gitchecker.com' is allowed
HEAD /some_non_asset_path
If I request an asset, nothing is logged
Andrea Leopardi commented
It seems likely that the plug that serves static files comes before Corsica
in the plug pipeline. Could that be the case?
Mads Hargreave commented
Indeed it did and moving it fixed the problem. Much appreciated
Andrea Leopardi commented
@madshargreave no worries, my pleasure :)