From 5874accb90632f2ed85c081f15c49fba118452fb Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sun, 11 Mar 2018 14:33:32 +0100 Subject: [PATCH] nginx cors: the methods can be customised now. See https://issue.openaire.research-infrastructures.eu/issues/3365 --- nginx/defaults/main.yml | 1 + nginx/templates/nginx-cors.conf.j2 | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index bd0facdf..16b1ef02 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -65,6 +65,7 @@ nginx_cors_global: True nginx_cors_limit_origin: True nginx_cors_extended_rules: False nginx_cors_acl_origin: 'http?://(localhost)' +nginx_cors_allowed_methods: 'GET, POST, OPTIONS' # Find a set of acceptable defaults for the cache setup nginx_cache_enabled: False diff --git a/nginx/templates/nginx-cors.conf.j2 b/nginx/templates/nginx-cors.conf.j2 index 13827c92..83c36d6f 100644 --- a/nginx/templates/nginx-cors.conf.j2 +++ b/nginx/templates/nginx-cors.conf.j2 @@ -6,7 +6,7 @@ if ($request_method = 'OPTIONS') { {% else %} add_header 'Access-Control-Allow-Origin' '*'; {% endif %} - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; # # Custom headers and headers various browsers *should* be OK with but aren't # @@ -26,7 +26,7 @@ if ($request_method = 'POST') { {% else %} add_header 'Access-Control-Allow-Origin' '*'; {% endif %} - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; } @@ -37,7 +37,7 @@ if ($request_method = 'GET') { {% else %} add_header 'Access-Control-Allow-Origin' '*'; {% endif %} - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; } @@ -48,8 +48,9 @@ add_header 'Access-Control-Allow-Credentials' 'true'; {% else %} add_header 'Access-Control-Allow-Origin' '*'; {% endif %} -add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; +add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; +add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,Accept-Language,X-CustomHeader,Content-Range,Range'; {% if nginx_cors_limit_origin %} if ($request_method = 'OPTIONS') { return 204;