Request: enable CORS on Nginx for 404 responses

[seyfro]

We use kong together with the CORS plugin in order to enable cross origin requests - this works great for regular 200 requests, but fails for 4xx requests, as Access-Control-Allow-Origin cannot be made available by the CORS plugin. We also tried to add it manually to kong.yml but this had unwanted sideffects of Access-Control-Allow-Origin being set to , for regular requests and breaking them.

We would need CORS for 4xx request too in order to be able to show different error messages to our users based on the status code.

I therefore would appreciate if the CORS plugin could be enhanced in order to also allow Access-Control-Allow-Origin for 4xx requests. According to https://serverfault.com/questions/393532/allowing-cross-origin-requests-cors-on-nginx-for-404-responses this could either be achieved by adding always to add_header(...) requests or by integrating the headers-more module in nginx.

[aslafy-z]

I'd be glad to take this on. I've opened an issue to implement the always flag for nginx's add_header option in the lua implementation.

See openresty/lua-nginx-module#1392

Implement here: https://github.com/Kong/kong/blob/master/kong/pdk/service/request.lua#L283