quarks
Reputation: 35276
Enable CORS for every request
I've been trying to add CORS http headers with nginx but have failed, what should be added in the nginx configuration below to allow CORS for every request?
I have this nginx.conf:
user nginx;
worker_processes auto;
worker_rlimit_nofile 2048;
load_module modules/ngx_stream_module.so;
error_log /var/log/nginx/error_log info;
events {
worker_connections 2048;
use epoll;
}
#### REMOVE THIS SECTION IF YOU WANT TO CONFIGURE YOUR ENVIRONMENT YOURSELF #####
include /etc/nginx/nginx-jelastic.conf;
#### MAKE CHANGES HERE ONLY IF YOU REALY KNOW WHAT YOU ARE DOING #####
and this nginx-jelastic.conf
######## HTTP SECTION PROTOTYPE ########
http {
server_tokens off ;
include /etc/nginx/mime.types;
default_type application/octet-stream;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 5.6.7.8/8;
set_real_ip_from 1.2.3.4/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
log_format main '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
client_max_body_size 50m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
# gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
map $upstream_addr $group {
default "";
### MAPPING FOLLOWS HERE ###
### ~XXX\.XXX\.XXX\.XXX\:XX$ $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this!
~9\.8\.7\.6\:80$ common; ### MAPPROTO for common ###
}
### DEFAULT UPSTREAM FOLLOWS HERE ###
upstream default_upstream{
### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server 9.8.7.6; ### DEFUPPROTO for common ###
sticky path=/; }
### UPSTREAMS LIST FOLLOWS HERE ###
#upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common { server 9.8.7.6 ; sticky path=/; } ### UPSTREAMPROTO for common ###
#GFADMIN
server {
listen *:80;
listen [::]:80;
server_name _;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
#ModSecurityEnabled on;
#ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;
proxy_temp_path /var/nginx/tmp/;
proxy_connect_timeout 5s;
error_page 500 502 503 504 /50x.html;
proxy_next_upstream error timeout http_500;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $http_host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Remote-Port $http_x_remote_port;
proxy_set_header X-URI $uri;
proxy_set_header X-ARGS $args;
proxy_set_header Refer $http_refer;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
if ($http_x_remote_port = '' ) {
set $http_x_remote_port $remote_port;
}
location = /50x.html {
root html;
}
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
location @rescue {
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
#USERLOCATIONS
}
# server {
# listen *:8001;
# server_name backup.local;
#
# location / {
# proxy_pass http://default_upstream;
# add_header Set-Cookie "SRVGROUP=$group; path=/";
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Host $http_host;
# proxy_set_header X-Forwarded-For $http_x_forwarded_for;
# proxy_set_header X-URI $uri;
# proxy_set_header X-ARGS $args;
# proxy_set_header Refer $http_refer;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# }
include /etc/nginx/conf.d/*.conf;
}
######## TCP SECTION PROTOTYPE ########
My browser app is always getting:
Failed to load https://api.mydomain.net: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63343' is therefore not allowed access.
Even if I add this:
location / {
if ($cookie_SRVGROUP ~ group|common) {
proxy_pass http://$cookie_SRVGROUP;
error_page 500 502 503 504 = @rescue;
}
if ($cookie_SRVGROUP !~ group|common) {
add_header Set-Cookie "SRVGROUP=$group; path=/";
}
proxy_pass http://default_upstream;
add_header Set-Cookie "SRVGROUP=$group; path=/";
if ($request_method = "OPTIONS") {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, PUT, DELETE";
#
# Custom headers and headers various browsers *should* be OK with but aren"t
#
add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header "Access-Control-Max-Age" 1728000;
add_header "Content-Type" "text/plain; charset=utf-8";
add_header "Content-Length" 0;
return 204;
}
}
Upvotes: 1
Views: 4368
Answers (1)
revo
Reputation: 48701
The problem is that you are answering to preflight requests but forgot about main request that is made right after a preflight request if it has been successful. So you just need another if statement for a GET or POST (or whatever else) for adding the same Access-Control-* headers and mainly Access-Control-Allow-Origin:
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
}
Upvotes: 5
Related Questions
- nginx config to enable CORS with origin matching
- How to enable CORS in Nginx proxy server?
- How to allow access via CORS to multiple domains within nginx
- Nginx. Blocked by CORS policy
- Allow CORS on Nginx to work with AngularJS HTTP GET
- Enable CORs for all upstream server locations
- How to enable CORS in nginx
- CORS rules coversion from Apache .htaccess to nginx
- enabe CORS form any site/localhost in nginx
- Using Nginx as proxy to avoid CORS