Setting up CORS in Caddy:

Allow from any origin

header Access-Control-Allow-Origin "*"

Allow from specific origins

The example for this configuration is buried in the import directive examples. We declare a (cors) snippet which is then imported by the site.

(cors) {
  @origin header Origin {args.0}
  header @origin Access-Control-Allow-Origin "{args.0}"
  header @origin Access-Control-Allow-Methods "OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE"
}

site.tld {
  import cors origin1.tld
  import cors origin2.tld
}