Merge pull request #59 from hubmapconsortium/enable-cors-zhou

Enable CORS for Gateway

nginx/conf.d-dev/hubmap-auth.conf

@@ -41,6 +41,34 @@ server {
 
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
+        # Always enable CORS 
+        # Response to preflight requests
+        if ($request_method = 'OPTIONS') {
+            # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+            # The `always` parameter is specified so the header field will be added regardless of the response code
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+            # Custom headers and headers various browsers should be OK with but aren't
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+            # Cache the response to this preflight request in browser for 24 hours (86400 seconds) 
+            # without sending another preflight request
+            add_header 'Access-Control-Max-Age' 86400 always;
+
+            add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+            add_header 'Content-Length' 0 always;
+            return 204;
+        }
+
+        # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+        if ($request_method ~ (POST|GET|PUT)) {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+
         include uwsgi_params;
         # Use "localhost" becuase the uWSGI server is also running on the same container
         uwsgi_pass uwsgi://localhost:5000;

nginx/conf.d-localhost/hubmap-auth.conf

@@ -25,6 +25,34 @@ server {
 
     # HTTP requests get passed to the uwsgi server using the "uwsgi" protocol on port 5000
     location / { 
+        # Always enable CORS 
+        # Response to preflight requests
+        if ($request_method = 'OPTIONS') {
+            # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+            # The `always` parameter is specified so the header field will be added regardless of the response code
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+            # Custom headers and headers various browsers should be OK with but aren't
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+            # Cache the response to this preflight request in browser for 24 hours (86400 seconds) 
+            # without sending another preflight request
+            add_header 'Access-Control-Max-Age' 86400 always;
+
+            add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+            add_header 'Content-Length' 0 always;
+            return 204;
+        }
+
+        # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+        if ($request_method ~ (POST|GET|PUT)) {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+
         include uwsgi_params;
         # Use "localhost" becuase the uwsgi server is also running on the same container
         uwsgi_pass uwsgi://localhost:5000;

nginx/conf.d-prod/hubmap-auth.conf

@@ -41,6 +41,34 @@ server {
 
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
+        # Always enable CORS 
+        # Response to preflight requests
+        if ($request_method = 'OPTIONS') {
+            # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+            # The `always` parameter is specified so the header field will be added regardless of the response code
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+            # Custom headers and headers various browsers should be OK with but aren't
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+            # Cache the response to this preflight request in browser for 24 hours (86400 seconds) 
+            # without sending another preflight request
+            add_header 'Access-Control-Max-Age' 86400 always;
+
+            add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+            add_header 'Content-Length' 0 always;
+            return 204;
+        }
+
+        # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+        if ($request_method ~ (POST|GET|PUT)) {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+
         include uwsgi_params;
         # Use "localhost" becuase the uWSGI server is also running on the same container
         uwsgi_pass uwsgi://localhost:5000;

nginx/conf.d-stage/hubmap-auth.conf

@@ -41,6 +41,34 @@ server {
 
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
+        # Always enable CORS 
+        # Response to preflight requests
+        if ($request_method = 'OPTIONS') {
+            # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+            # The `always` parameter is specified so the header field will be added regardless of the response code
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+            # Custom headers and headers various browsers should be OK with but aren't
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+            # Cache the response to this preflight request in browser for 24 hours (86400 seconds) 
+            # without sending another preflight request
+            add_header 'Access-Control-Max-Age' 86400 always;
+
+            add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+            add_header 'Content-Length' 0 always;
+            return 204;
+        }
+
+        # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+        if ($request_method ~ (POST|GET|PUT)) {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+
         include uwsgi_params;
         # Use "localhost" becuase the uWSGI server is also running on the same container
         uwsgi_pass uwsgi://localhost:5000;

nginx/conf.d-test/hubmap-auth.conf

@@ -41,6 +41,34 @@ server {
 
     # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
     location / { 
+        # Always enable CORS 
+        # Response to preflight requests
+        if ($request_method = 'OPTIONS') {
+            # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+            # The `always` parameter is specified so the header field will be added regardless of the response code
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+            # Custom headers and headers various browsers should be OK with but aren't
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+            # Cache the response to this preflight request in browser for 24 hours (86400 seconds) 
+            # without sending another preflight request
+            add_header 'Access-Control-Max-Age' 86400 always;
+
+            add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+            add_header 'Content-Length' 0 always;
+            return 204;
+        }
+
+        # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+        if ($request_method ~ (POST|GET|PUT)) {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+
         include uwsgi_params;
         # Use "localhost" becuase the uWSGI server is also running on the same container
         uwsgi_pass uwsgi://localhost:5000;