CORS headers do not appear in the response

I am seeing no CORS headers in the response

Response Headers

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, max-age=0
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Sun, 26 Apr 2020 06:56:15 GMT
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000
Vary: Accept-Encoding
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Traefik

Version:      2.2.0
Codename:     chevrotin
Go version:   go1.14.1
Built:        2020-03-25T17:32:57Z
OS/Arch:      linux/amd64

Configurations

traefik.yaml

accessLog: {}

api:
  insecure: true
  dashboard: true

log:
  level: INFO
  format: json

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
  file:
    directory: /etc/traefik/providers

/etc/traefik/providers/file.provider.yaml

http:
  middlewares:
    for-dev:
      chain:
        middlewares:
          - compress-it
          - cors-headers
          - security-headers
          - cache-headers
    compress-it:
      compress: {}
    security-headers:
      headers:
        frameDeny: true
        contentTypeNosniff: true
        referrerPolicy: no-referrer
        browserXssFilter: true
        stsSeconds: 15552000
        forceSTSHeader: true
    cors-headers:
      headers:
        accessControlAllowCredentials: true
        accessControlAllowHeaders:
          - Origin
          - Authorization
          - Content-Type
        accessControlAllowMethods:
          - OPTION
          - GET
          - POST
          - PUT
          - PATCH
        accessControlAllowOriginList:
          - http://example.com
        accessControlMaxAge: 100
        addVaryHeader: true
    cache-headers:
      headers:
        customResponseHeaders:
          Cache-Control: "no-cache, max-age=0"

docker-compose.yaml

backend:
    ...
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=PathPrefix(`/api`)"
      - "traefik.http.routers.backend.middlewares=for-dev@file"

Try dropping the sheme http://

I already tried that but It didn't work out.

What is your request, and which headers are you expecting to see? Access-Control-Allow-Credentials is a CORS header and I can see it in the response above.

Try sending some other requests:

curl -v address -H "Origin: http://example.com"

Response:

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://example.com
< Cache-Control: no-cache, max-age=0
< Content-Length: 377
< Content-Type: text/plain; charset=utf-8
< Date: Fri, 01 May 2020 14:30:48 GMT
< Referrer-Policy: no-referrer
< Strict-Transport-Security: max-age=15552000
< Vary: Accept-Encoding
< Vary: Origin
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Xss-Protection: 1; mode=block

Request:

curl -v address -H "Origin: http://example.com" -XOPTIONS -H "Access-Control-Request-Method: POST"

Response:

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: Origin,Authorization,Content-Type
< Access-Control-Allow-Methods: OPTION,GET,POST,PUT,PATCH
< Access-Control-Allow-Origin: http://example.com
< Access-Control-Max-Age: 100
< Vary: Accept-Encoding
< Date: Fri, 01 May 2020 14:31:05 GMT
< Content-Length: 0

Looks normal to me.

@numToStr, so, problem solved?

Yeah, it solved. Thanks man.