when jwt plugin returns a response with status code 401 because of an expired token, the response doesn’t have a header ‘Access-Control-Allow-Origin: …’ so that web browser can’t access the response by javascript.
i know CORS plugin but don’t want to use CORS plugin.
instead, each upstream server handles CORS.
is it possible to add a header when jwt plugin returns a response?
Why not add CORS plugin to kong’s service entity since it represents the upstream server? this way you don’t need to modify the kong source code in case the CORS parameter needs to change.