How to dynamically set header response value?

How to dynamically set the origin value as the header value Access-Control-Allow-Origin using Modify header response? I want to achieve something like this:

if (any(http.request.headers["origin"][*] in {"https://web.example.com", "https://app.example.com"})) {
  return http.request.headers["origin"][*]
} else {
  return "https://example.com"
}

i.e if the origin url is from https://web.example.com or https://app.example.com make use of this origin value as the header value else make use of https://example.com as the header value.

How can i achieve this?

There should be only one Origin header, so it’s easiest to use http.request.headers["origin"][0]

This would also need to be two rules, in reverse order, because last match wins.

First would just Static set it to https://example.com

Second would be if http.request.headers["origin"][0] contains web.example.com OR if it contains app.example.com. Then dynamic set it to http.request.headers["origin"][0]

The second will overwrite the first if it the second one gets triggered.

2 Likes

Also can you show how to do the second step you have mentioned in code? i.e setting the dynamic value.

Update:

Thanks I got it worked :heart_eyes:

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.