Skip to content

Commit

Permalink
Enable CORS for Gateway
Browse files Browse the repository at this point in the history
  • Loading branch information
yuanzhou committed Oct 16, 2020
1 parent 53431e4 commit 79d7af6
Show file tree
Hide file tree
Showing 5 changed files with 140 additions and 0 deletions.
28 changes: 28 additions & 0 deletions nginx/conf.d-dev/hubmap-auth.conf
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,34 @@ server {

# Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
location / {
# Always enable CORS
# Response to preflight requests
if ($request_method = 'OPTIONS') {
# The directive `add_header` doesn't work when response status code is 401, 403 or 500
# The `always` parameter is specified so the header field will be added regardless of the response code
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;

# Custom headers and headers various browsers should be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

# Cache the response to this preflight request in browser for 24 hours (86400 seconds)
# without sending another preflight request
add_header 'Access-Control-Max-Age' 86400 always;

add_header 'Content-Type' 'text/plain; charset=utf-8' always;
add_header 'Content-Length' 0 always;
return 204;
}

# Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
if ($request_method ~ (POST|GET|PUT)) {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}

include uwsgi_params;
# Use "localhost" becuase the uWSGI server is also running on the same container
uwsgi_pass uwsgi://localhost:5000;
Expand Down
28 changes: 28 additions & 0 deletions nginx/conf.d-localhost/hubmap-auth.conf
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,34 @@ server {

# HTTP requests get passed to the uwsgi server using the "uwsgi" protocol on port 5000
location / {
# Always enable CORS
# Response to preflight requests
if ($request_method = 'OPTIONS') {
# The directive `add_header` doesn't work when response status code is 401, 403 or 500
# The `always` parameter is specified so the header field will be added regardless of the response code
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;

# Custom headers and headers various browsers should be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

# Cache the response to this preflight request in browser for 24 hours (86400 seconds)
# without sending another preflight request
add_header 'Access-Control-Max-Age' 86400 always;

add_header 'Content-Type' 'text/plain; charset=utf-8' always;
add_header 'Content-Length' 0 always;
return 204;
}

# Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
if ($request_method ~ (POST|GET|PUT)) {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}

include uwsgi_params;
# Use "localhost" becuase the uwsgi server is also running on the same container
uwsgi_pass uwsgi://localhost:5000;
Expand Down
28 changes: 28 additions & 0 deletions nginx/conf.d-prod/hubmap-auth.conf
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,34 @@ server {

# Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
location / {
# Always enable CORS
# Response to preflight requests
if ($request_method = 'OPTIONS') {
# The directive `add_header` doesn't work when response status code is 401, 403 or 500
# The `always` parameter is specified so the header field will be added regardless of the response code
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;

# Custom headers and headers various browsers should be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

# Cache the response to this preflight request in browser for 24 hours (86400 seconds)
# without sending another preflight request
add_header 'Access-Control-Max-Age' 86400 always;

add_header 'Content-Type' 'text/plain; charset=utf-8' always;
add_header 'Content-Length' 0 always;
return 204;
}

# Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
if ($request_method ~ (POST|GET|PUT)) {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}

include uwsgi_params;
# Use "localhost" becuase the uWSGI server is also running on the same container
uwsgi_pass uwsgi://localhost:5000;
Expand Down
28 changes: 28 additions & 0 deletions nginx/conf.d-stage/hubmap-auth.conf
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,34 @@ server {

# Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
location / {
# Always enable CORS
# Response to preflight requests
if ($request_method = 'OPTIONS') {
# The directive `add_header` doesn't work when response status code is 401, 403 or 500
# The `always` parameter is specified so the header field will be added regardless of the response code
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;

# Custom headers and headers various browsers should be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

# Cache the response to this preflight request in browser for 24 hours (86400 seconds)
# without sending another preflight request
add_header 'Access-Control-Max-Age' 86400 always;

add_header 'Content-Type' 'text/plain; charset=utf-8' always;
add_header 'Content-Length' 0 always;
return 204;
}

# Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
if ($request_method ~ (POST|GET|PUT)) {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}

include uwsgi_params;
# Use "localhost" becuase the uWSGI server is also running on the same container
uwsgi_pass uwsgi://localhost:5000;
Expand Down
28 changes: 28 additions & 0 deletions nginx/conf.d-test/hubmap-auth.conf
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,34 @@ server {

# Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
location / {
# Always enable CORS
# Response to preflight requests
if ($request_method = 'OPTIONS') {
# The directive `add_header` doesn't work when response status code is 401, 403 or 500
# The `always` parameter is specified so the header field will be added regardless of the response code
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;

# Custom headers and headers various browsers should be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

# Cache the response to this preflight request in browser for 24 hours (86400 seconds)
# without sending another preflight request
add_header 'Access-Control-Max-Age' 86400 always;

add_header 'Content-Type' 'text/plain; charset=utf-8' always;
add_header 'Content-Length' 0 always;
return 204;
}

# Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
if ($request_method ~ (POST|GET|PUT)) {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}

include uwsgi_params;
# Use "localhost" becuase the uWSGI server is also running on the same container
uwsgi_pass uwsgi://localhost:5000;
Expand Down

0 comments on commit 79d7af6

Please sign in to comment.