New base URL setup

Cris · March 17, 2022, 6:01pm

Hi,

I’m trying to understand the new base URL setup in v3.6.3:
If I add https://domain-b.com to the url allow list in my https://domain-a.com's config,
will it automatically send a “Access-Control-Allow-Origin: https://domain-b.com” header when I make a fetch request from https://domain-b.com to a route of https://domain-a.com
or would I still have to set the header in the response by myself?

bastianallgeier · March 18, 2022, 10:22am

The URL allow list can only be set in the main config. It is meant as a security feature to tell Kirby which base URLs are accepted. It makes sure that an attacking request cannot trick Kirby into generating different URLs for assets for example. It’s not needed in most server environments, but adds an additional layer of security in reverse proxy setups for example.

It does not have anything to do with access control headers though. You still have to set them manually.

Cris · March 18, 2022, 11:29am

Thanks for the explanation, Bastian!
I understand the purpose of this feature now =)

Topic		Replies	Views
Set up https instead http Questions 🤔	1	384	January 23, 2021
Sub domain redirections Solved ✅	3	416	September 16, 2018
Setting CORS headers Questions 🤔	3	107	February 6, 2024
Https .htaccess Solved ✅	2	2074	January 22, 2021
Help launching cloned Kirby site Solved ✅	16	485	August 1, 2020

New base URL setup

Related Topics