configure cors in nginx

datacite · Jul 19, 2021 · c3b9e29 · c3b9e29
1 parent f74f871
commit c3b9e29
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 15 deletions.
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -7,18 +7,18 @@
 
 # Read more: https://github.com/cyu/rack-cors
 
-Rails.application.config.middleware.insert_before 0,
-                                                  Rack::Cors,
-                                                  debug: true,
-                                                  logger:
-                                                    (-> { Rails.logger }) do
-  allow do
-    origins Rails.application.config.allowed_cors_origins.deep_dup
-    # origins "*"
-    resource "*",
-             headers: :any,
-             expose: %w[X-Credential-Username X-Anonymous-Consumer],
-             methods: %i[get post put patch delete options head],
-             credentials: true
-  end
-end
+# Rails.application.config.middleware.insert_before 0,
+#                                                   Rack::Cors,
+#                                                   debug: true,
+#                                                   logger:
+#                                                     (-> { Rails.logger }) do
+#   allow do
+#     origins Rails.application.config.allowed_cors_origins.deep_dup
+#     # origins "*"
+#     resource "*",
+#              headers: :any,
+#              expose: %w[X-Credential-Username X-Anonymous-Consumer],
+#              methods: %i[get post put patch delete options head],
+#              credentials: true
+#   end
+# end
diff --git a/vendor/docker/webapp.conf b/vendor/docker/webapp.conf
@@ -15,6 +15,29 @@ server {
         return 301 https://support.datacite.org/docs/api;
     }
 
+    location / {
+        # enable CORS
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $http_origin;
+            add_header 'Access-Control-Allow-Methods' 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'DNT,Content-Type,Accept,Accept-Encoding,Origin,User-Agent,Cache-Control,Keep-Alive,Authorization';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,X-Credential-Username,X-Anonymous-Consumer,Authorization';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        if ($request_method = 'POST') {
+            add_header 'Access-Control-Allow-Origin' $http_origin;
+            add_header 'Access-Control-Allow-Methods' 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'DNT,Content-Type,Accept,Accept-Encoding,Origin,User-Agent,Cache-Control,Keep-Alive,Authorization';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,X-Credential-Username,X-Anonymous-Consumer,Authorization';
+        }
+    }
+
     location /client-api/graphql {
         gzip            on;
         gzip_min_length 1000;