Hi, I am looking for a solution to setting the CORS Access-Control-Allow-Origin header value dynamically based on from where the worker is being called. I have two origins I want to allow calling the worker, but not others. Therefore I can’t use * for the header value. Another reason I can’t use it is that using * would prevent me from using credentials: ‘include’ on the fetch which is also something I need. I figured this might be easy by just pulling the host from the request headers and setting the ACAO header value to that in the response headers, however, the host in the request headers always has the value of the worker host, not the peer host. Why is that? And is there a way to get the host value of the connection peer?
- myapp.com fetches my worker - the worker sets the ACAO header to myapp.com
- partner.otherapp.com fetches my worker - the worker sets ACAO header to partner.otherapp.com
Is this possible?