machankura/mempool
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ops: Set HTTP CORS headers in nginx for services

Browse Source
This commit is contained in:
wiz 2024-07-13 19:56:17 +09:00
parent 725e9c0d95
commit 5a86c8c83a
No known key found for this signature in database
GPG Key ID: A394E332255A6173
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
production/nginx/location-api-v1-services.conf
View File

@ -58,6 +58,27 @@ location @mempool-api-v1-services-cache-disabled {
add_header 'Pragma' 'no-cache';
add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
# generate CORS configuration from origin header
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin 'https://mempool.space';
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_credentials 'true';
# set CORS for approved hostnames
if ($cors_approved_origin = 'legit')
{
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin "$http_origin";
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_credentials 'true';
}
# set CORS for approved hostnames
add_header Access-Control-Allow-Methods "$cors_methods" always;
add_header Access-Control-Allow-Origin "$cors_origin" always;
add_header Access-Control-Allow-Headers "$cors_headers" always;
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
proxy_redirect off;
proxy_buffering off;