feat: add cors headers default nginx #304

Merged
merged 4 commits into from
Dec 9, 2024
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -208,6 +208,10 @@ These variables are common to image variants and will set defaults based on the

| Name | Description|
| -------- | ------------------------------------------------------------------- |
| CORS_HEADER_403_ALLOW_ORIGIN | The value of the [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header for `403` responses. Determines which origins can access the response. (Default: `"*"`). |
| CORS_HEADER_403_ALLOW_METHODS | The value of the [Access-Control-Request-Method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method) header for `403` responses. Determines the allowed request methods for the resource. Default: `"GET, POST, PUT, DELETE, OPTIONS"` |
| CORS_HEADER_403_CONTENT_TYPE | The value of the `Content-Type` header for `403` responses. Default: (`"text/plain"`) |
| CORS_HEADER_403_MAX_AGE | The value of the [Access-Control-Max-Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) header for `403` responses. The number of seconds that preflight requests for this resource may be cached by the browser. (Default: `3600`) |
| DNS_SERVER | A string indicating the name servers used to resolve names of upstream servers into addresses. For localhost backend this value should not be defined (Default: _not defined_) |
| KEEPALIVE_TIMEOUT | Number of seconds for a keep-alive client connection to stay open on the server side (Default: `60s`) |
| NGINX_ALWAYS_TLS_REDIRECT | A string value indicating if http should redirect to https (Allowed values: `on`, `off`. Default: `off`) |
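
Review bot: In the `CORS_HEADER_403_ALLOW_METHODS` row, the link and text name `Access-Control-Request-Method`, which is the request header a browser sends in a preflight; `cors.conf.template` sets the response header `Access-Control-Allow-Methods`, so the row should name and link to that one. `CORS_HEADER_ACCESS_CONTROL_ALLOW_HEADERS`, which the Dockerfiles and the template introduce, has no row here and should be documented, including that it is applied to every response status rather than only `403`. The four new rows also write the default three different ways (`(Default: ...)`, `Default: ...`, `Default: (...)`); use the `(Default: ...)` form of the existing rows.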
5 changes: 5 additions & 0 deletions nginx/Dockerfile
Expand Up @@ -114,6 +114,11 @@ LABEL maintainer="Felipe Zipitria <[email protected]>"
ENV \
ACCESSLOG=/var/log/nginx/access.log \
BACKEND=http://localhost:80 \
CORS_HEADER_403_ALLOW_ORIGIN="*" \
CORS_HEADER_403_ALLOW_METHODS="GET, POST, PUT, DELETE, OPTIONS" \
CORS_HEADER_403_CONTENT_TYPE="text/plain" \
CORS_HEADER_403_MAX_AGE=3600 \
CORS_HEADER_ACCESS_CONTROL_ALLOW_HEADERS="*" \
fzipi marked this conversation as resolved.
DNS_SERVER= \
ERRORLOG=/var/log/nginx/error.log \
KEEPALIVE_TIMEOUT=60s \
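
Review bot: `CORS_HEADER_ACCESS_CONTROL_ALLOW_HEADERS="*"` breaks the `CORS_HEADER_403_*` naming of the four variables above it, and nothing in the name tells the operator that this header is emitted on every response status. Either rename it to follow the 403 pattern and scope the directive in `cors.conf.template` the same way, or keep the name and document the wider scope. On the default itself: browsers treat `*` in `Access-Control-Allow-Headers` as a literal header name for credentialed requests, and the wildcard never covers `Authorization`, so deployments that depend on either need an explicit list.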
5 changes: 5 additions & 0 deletions nginx/Dockerfile-alpine
Expand Up @@ -107,6 +107,11 @@ LABEL maintainer="Felipe Zipitria <[email protected]>"
ENV \
ACCESSLOG=/var/log/nginx/access.log \
BACKEND=http://localhost:80 \
CORS_HEADER_403_ALLOW_ORIGIN="*" \
CORS_HEADER_403_ALLOW_METHODS="GET, POST, PUT, DELETE, OPTIONS" \
CORS_HEADER_403_CONTENT_TYPE="text/plain" \
CORS_HEADER_403_MAX_AGE=3600 \
CORS_HEADER_ACCESS_CONTROL_ALLOW_HEADERS="*" \
fzipi marked this conversation as resolved.
DNS_SERVER= \
ERRORLOG=/var/log/nginx/error.log \
KEEPALIVE_TIMEOUT=60s \
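
Review bot: `CORS_HEADER_403_ALLOW_ORIGIN="*"` as the shipped default lets a script on any origin read the body of a blocked response; if operators serve a custom `403` page that carries request details, that default exposes them cross-origin, so the README should tell operators to set a specific origin in that case. These five lines are also a verbatim copy of the block added to `nginx/Dockerfile`, so a later change to one default has to be made in both files; a short comment pointing at the other file would help keep them in sync.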
1 change: 1 addition & 0 deletions nginx/templates/conf.d/default.conf.template
Expand Up @@ -62,6 +62,7 @@ server {
location / {
client_max_body_size 0;

include includes/cors.conf;
include includes/proxy_backend.conf;

index index.html index.htm;
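
Review bot: `include includes/cors.conf;` is added only inside `location /` of this one server block, so any other `location` or `server` block in the template that can return a `403` will answer without these headers. If the file defines a second server block (for example for TLS), add the include there as well, or move it up to `server` level so the locations inherit it.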
5 changes: 5 additions & 0 deletions nginx/templates/includes/cors.conf.template
@@ -0,0 +1,5 @@
more_set_headers -s 403 'Content-Type' '${CORS_HEADER_403_CONTENT_TYPE}';
more_set_headers -s 403 'Access-Control-Allow-Origin' '${CORS_HEADER_403_ALLOW_ORIGIN}';
more_set_headers -s 403 'Access-Control-Max-Age' '${CORS_HEADER_403_MAX_AGE}';
more_set_headers -s 403 'Access-Control-Allow-Methods' '${CORS_HEADER_403_ALLOW_METHODS}';
more_set_headers 'Access-Control-Allow-Headers' '${CORS_HEADER_ACCESS_CONTROL_ALLOW_HEADERS}';
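
Review bot: The last directive, `more_set_headers 'Access-Control-Allow-Headers' ...`, has no `-s 403`, so unlike the four lines above it runs on every response from the location, and because `more_set_headers` replaces an existing header of the same name it overwrites whatever `Access-Control-Allow-Headers` the backend returned. If the goal is only to make blocked responses readable cross-origin, add `-s 403` to that line. Separately, browsers accept a preflight response only when it has a 2xx status, so `Access-Control-Max-Age` and `Access-Control-Allow-Methods` on a `403` are not used for preflight caching; check whether those two lines are needed at all.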
theseion marked this conversation as resolved.
fzipi marked this conversation as resolved.
2 changes: 2 additions & 0 deletions nginx/templates/nginx.conf.template
@@ -1,4 +1,6 @@
load_module modules/ngx_http_modsecurity_module.so;
# allows to add cors headers when replying with 403
load_module modules/ngx_http_headers_more_filter_module.so;

worker_processes auto;
pid /tmp/nginx.pid;
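
Review bot: The new `load_module modules/ngx_http_headers_more_filter_module.so;` makes nginx fail at startup if that `.so` is missing, and the Dockerfile hunks in this change only add `ENV` defaults; confirm that both image variants already install the headers-more module, or add the install step to this change. The comment above the directive says the module is there for `403` replies, but the `Access-Control-Allow-Headers` directive in `cors.conf.template` applies to all statuses, so adjust one or the other, and write CORS in capitals.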