forked from ISTI-ansible-roles/ansible-roles
library/roles/nginx/defaults/main.yml: Add examples to enable cors and x-frame-options.
This commit is contained in:
parent
96a35c2cc6
commit
78f009ba44
|
@ -69,5 +69,51 @@ nginx_letsencrypt_managed: True
|
|||
# php, rewrite rules, acls, ldap auth
|
||||
# More robust rules
|
||||
# log format personalization (global, inside conf.d)
|
||||
# CORS
|
||||
#
|
||||
# Special cases: mediawiki,...
|
||||
#
|
||||
# CORS example 1
|
||||
# set $cors '';
|
||||
# if ($http_origin ~* 'https?://(localhost|*\.example\.org)') {
|
||||
# set $cors 'true';
|
||||
# }
|
||||
|
||||
# if ($cors = 'true') {
|
||||
# add_header 'Access-Control-Allow-Origin' "$http_origin";
|
||||
# add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
# add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
|
||||
# }
|
||||
|
||||
# if ($request_method = 'OPTIONS') {
|
||||
# return 204;
|
||||
# }
|
||||
|
||||
# CORS example 2
|
||||
# location / {
|
||||
# if ($request_method = 'OPTIONS') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# #
|
||||
# # Custom headers and headers various browsers *should* be OK with but aren't
|
||||
# #
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
# #
|
||||
# # Tell client that this pre-flight info is valid for 20 days
|
||||
# #
|
||||
# add_header 'Access-Control-Max-Age' 1728000;
|
||||
# add_header 'Content-Type' 'text/plain charset=UTF-8';
|
||||
# add_header 'Content-Length' 0;
|
||||
# return 204;
|
||||
# }
|
||||
# if ($request_method = 'POST') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
# }
|
||||
# if ($request_method = 'GET') {
|
||||
# add_header 'Access-Control-Allow-Origin' '*';
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
# }
|
||||
|
|
Loading…
Reference in New Issue