From 01f346f23936b171f462a34318ed3125086ae097 Mon Sep 17 00:00:00 2001
From: yingshaoxo <yingshaoxo@gmail.com>
Date: Tue, 4 Apr 2023 20:36:11 +0800
Subject: [PATCH] Add accessControlAllowHeaders example

---
 docs/content/middlewares/http/headers.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md
index e79a627b0..432ab008c 100644
--- a/docs/content/middlewares/http/headers.md
+++ b/docs/content/middlewares/http/headers.md
@@ -207,11 +207,14 @@ http:
 CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
 This functionality allows for more advanced security features to quickly be set.
 If CORS headers are set, then the middleware does not pass preflight requests to any service,
-instead the response will be generated and sent back to the client directly.
+instead the response will be generated and sent back to the client directly.  
+Please note that the example below is by no means authoritative or exhaustive,
+and should not be used as is for production.
 
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
   - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
@@ -228,6 +231,7 @@ spec:
       - "GET"
       - "OPTIONS"
       - "PUT"
+    accessControlAllowHeaders: "*"
     accessControlAllowOriginList:
       - "https://foo.bar.org"
       - "https://example.org"
@@ -237,6 +241,7 @@ spec:
 
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+- "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
 - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
 - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
 - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
@@ -245,6 +250,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
+  "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*",
   "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist": "https://foo.bar.org,https://example.org",
   "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
   "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
@@ -254,6 +260,7 @@ spec:
 ```yaml tab="Rancher"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
   - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
@@ -268,6 +275,7 @@ http:
           - GET
           - OPTIONS
           - PUT
+        accessControlAllowHeaders: "*"
         accessControlAllowOriginList:
           - https://foo.bar.org
           - https://example.org
@@ -279,6 +287,7 @@ http:
 [http.middlewares]
   [http.middlewares.testHeader.headers]
     accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
+    accessControlAllowHeaders= "*"
     accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
     accessControlMaxAge = 100
     addVaryHeader = true