This page is about Caddy 1, but Caddy 2 is now in beta. Click here for Caddy 2. Thank you for your patience as we transition!

User Guide


Supports Cross Origin Resource Sharing headers

Full documentation


Simple usage

Allows all origins access to all resources

Only allow certain origin domains
cors / http://mytrusteddomain.tld

Only allow cross-origin requests from a few specific domains

Full config
cors / { origin origin methods POST,PUT allow_credentials false max_age 3600 allowed_headers X-Custom-Header,X-Foobar exposed_headers X-Something-Special,SomethingElse }

Shows examples of all available options

Related Links

Access the full documentation for this plugin off-site:

Plugin Help

Get help from the maintainers of the http.cors plugin:

Plugin Website

Visit http.cors's website for more information:

Plugin Author: captncraig
Last Updated: 18 Apr 2017, 4:19 PM
This plugin is independent of the Caddy project and is not endorsed or maintained by Caddy developers. Use at your own risk. Do not file issues for this plugin on Caddy's bug tracker.