cors

2020-07-27 17:04:21 +02:00 · 2020-07-27 17:04:21 +02:00 · 1dbc842c55
parent af1f4896f0
commit 1dbc842c55
3 changed files with 52 additions and 1 deletions
--- a/docker/nginx/conf.d/client.conf
+++ b/docker/nginx/conf.d/client.conf
@ -42,10 +42,14 @@ server {
 	client_max_body_size 128k;

 	location / {
+		include /etc/nginx/conf.d/include/cors;
+
 		root /var/www/webportal;
 	}

 	location /blacklist {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_cache skynet;
 		proxy_cache_valid any 1m; # cache blacklist for 1 minute
 		proxy_set_header Access-Control-Allow-Origin: *;
@ -54,6 +58,8 @@ server {
 	}

 	location /portals {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_cache skynet;
 		proxy_cache_valid any 1m; # cache portals for 1 minute
 		proxy_set_header Access-Control-Allow-Origin: *;
@ -62,6 +68,8 @@ server {
 	}

 	location /stats {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_cache skynet;
 		proxy_cache_valid any 1m; # cache stats for 1 minute
 		proxy_set_header Access-Control-Allow-Origin: *;
@ -70,6 +78,8 @@ server {
 	}

 	location /statsdown {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_cache skynet;
 		proxy_cache_valid any 1m; # cache stats for 1 minute
 		proxy_set_header Access-Control-Allow-Origin: *;
@ -78,21 +88,29 @@ server {
 	}

 	location /health-check {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_set_header Access-Control-Allow-Origin: *;
 		proxy_pass http://health-check:3100;
 	}

 	location /hns {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_set_header Access-Control-Allow-Origin: *;
 		proxy_pass http://handshake-api:3100;
 	}

 	location /hnsres {
+		include /etc/nginx/conf.d/include/cors;
+
 		proxy_set_header Access-Control-Allow-Origin: *;
 		proxy_pass http://handshake-api:3100;
 	}

 	location /skynet/skyfile {
+		include /etc/nginx/conf.d/include/cors;
+
 		limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
 		client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
 		proxy_read_timeout 600;
@ -135,6 +153,8 @@ server {
 	}
 	
 	location ~ "/skynet/skyfile/(.+)" {
+		include /etc/nginx/conf.d/include/cors;
+
 		limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
 		client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
 		proxy_read_timeout 600;
@ -152,6 +172,8 @@ server {
 	}

 	location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" {
+		include /etc/nginx/conf.d/include/cors;
+
 		limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time

 		# we need to explicitly use set directive here because $1 will contain the skylink with
@ -176,6 +198,8 @@ server {
 	}

 	location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
+		include /etc/nginx/conf.d/include/cors;
+
 		limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time

 		# we need to explicitly use set directive here because $1 will contain the skylink with
--- a/docker/nginx/conf.d/include/cors
+++ b/docker/nginx/conf.d/include/cors
@ -0,0 +1,27 @@
+if ($request_method = 'OPTIONS') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    #
+    # Custom headers and headers various browsers *should* be OK with but aren't
+    #
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    #
+    # Tell client that this pre-flight info is valid for 20 days
+    #
+    add_header 'Access-Control-Max-Age' 1728000;
+    add_header 'Content-Type' 'text/plain; charset=utf-8';
+    add_header 'Content-Length' 0;
+    return 204;
+}
+if ($request_method = 'POST') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
+if ($request_method = 'GET') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
--- a/setup-scripts/setup-docker-services.sh
+++ b/setup-scripts/setup-docker-services.sh
@ -24,7 +24,7 @@ docker-compose --version # sanity check
 # CLOUDFLARE_AUTH_TOKEN - cloudflare auth token for ssl generation (just for siasky.net)
 if ! [ -f /home/user/skynet-webportal/.env ]; then
    HSD_API_KEY=$(openssl rand -base64 32) # generate safe random key for handshake
-    printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\n" > /home/user/skynet-webportal/.env
+    printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\nAWS_ACCESS_KEY_ID=\nAWS_SECRET_ACCESS_KEY=\n" > /home/user/skynet-webportal/.env
 fi

 # Start docker container with nginx and client