ops: Set HTTP CORS headers with caching in nginx for services

2024-07-13 20:20:15 +09:00 · 2024-07-13 20:20:15 +09:00 · 66c5c303b3
commit 66c5c303b3
parent 5a86c8c83a
1 changed files with 82 additions and 0 deletions
--- a/production/nginx/location-api-v1-services.conf
+++ b/production/nginx/location-api-v1-services.conf
@ -58,6 +58,36 @@ location @mempool-api-v1-services-cache-disabled {
 	add_header 'Pragma' 'no-cache';
 	add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';

+	proxy_redirect off;
+	proxy_buffering off;
+
+	expires -1;
+}
+
+location @mempool-api-v1-services-cache-disabled-addcors {
+	proxy_pass $mempoolSpaceServices;
+
+	# remove these just in case double proxied
+	proxy_hide_header Onion-Location;
+	proxy_hide_header Strict-Transport-Security;
+	proxy_hide_header Content-Security-Policy;
+	proxy_hide_header X-Frame-Options;
+
+	# remove cache headers from services backend
+	proxy_hide_header Cache-Control;
+	proxy_hide_header Expires;
+	proxy_hide_header Pragma;
+
+	# pass these headers to services backend
+	proxy_set_header Host $host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $scheme;
+
+	# add our own cache headers
+	add_header 'Pragma' 'no-cache';
+	add_header 'Cache-Control' 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
 	# generate CORS configuration from origin header
 	set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
 	set $cors_origin 'https://mempool.space';
@ -116,6 +146,58 @@ location @mempool-api-v1-services-cache-short {
 	proxy_cache_valid 200 2s;
 }

+location @mempool-api-v1-services-cache-short-addcors {
+	proxy_pass $mempoolSpaceServices;
+	proxy_cache services;
+	proxy_redirect off;
+
+	# remove these just in case double proxied
+	proxy_hide_header Onion-Location;
+	proxy_hide_header Strict-Transport-Security;
+	proxy_hide_header Content-Security-Policy;
+	proxy_hide_header X-Frame-Options;
+
+	# pass these headers to services backend
+	proxy_set_header Host $host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $scheme;
+
+	# remove cache headers from services backend
+	proxy_hide_header Cache-Control;
+	proxy_hide_header Expires;
+	proxy_hide_header Pragma;
+
+	# generate CORS configuration from origin header
+	set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
+	set $cors_origin 'https://mempool.space';
+	set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
+	set $cors_credentials 'true';
+
+	# set CORS for approved hostnames
+	if ($cors_approved_origin = 'legit')
+	{
+		set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
+		set $cors_origin "$http_origin";
+		set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
+		set $cors_credentials 'true';
+	}
+
+	# set CORS for approved hostnames
+	add_header Access-Control-Allow-Methods "$cors_methods" always;
+	add_header Access-Control-Allow-Origin "$cors_origin" always;
+	add_header Access-Control-Allow-Headers "$cors_headers" always;
+	add_header Access-Control-Allow-Credentials "$cors_credentials" always;
+
+	# add our own cache headers
+	add_header 'Pragma' 'public';
+	add_header 'Cache-Control' 'public';
+	expires 2s;
+
+	# server-side cache validity
+	proxy_cache_valid 200 2s;
+}
+
 location @mempool-api-v1-services-cache-medium {
 	proxy_pass $mempoolSpaceServices;
 	proxy_cache services;