From df763820550aa9a906f65b6add3033b3b57c1167 Mon Sep 17 00:00:00 2001 From: Canh Ngo Date: Thu, 23 Mar 2017 16:07:09 +0100 Subject: [PATCH 1/2] Adds support for CORS on error responses --- .../rootfs/etc/nginx/template/nginx.tmpl | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index efe296422..78e4a4b87 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -545,7 +545,7 @@ stream { # Om nom nom cookies # add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS'; # # Custom headers and headers various browsers *should* be OK with but aren't # @@ -558,16 +558,24 @@ stream { add_header 'Content-Length' 0; return 204; } - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } + set $cors_method 0; if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; + set $cors_method 1; + } + if ($request_method = 'PUT') { + set $cors_method 1; + } + if ($request_method = 'POST') { + set $cors_method 1; + } + if ($request_method = 'DELETE') { + set $cors_method 1; + } + + if ($cors_method = 1) { + add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } {{ end }} From 46a42a290588b1c62b4ec470be9008d087871871 Mon Sep 17 00:00:00 2001 From: Canh Ngo Date: Thu, 23 Mar 2017 16:07:51 +0100 Subject: [PATCH 2/2] Adds support for CORS with Authorization header --- controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index 78e4a4b87..977bb13da 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -549,7 +549,7 @@ stream { # # Custom headers and headers various browsers *should* be OK with but aren't # - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; # # Tell client that this pre-flight info is valid for 20 days # @@ -576,6 +576,6 @@ stream { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; } {{ end }}