Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Question: how-to enable CORS

See original GitHub issue

Hi there,

First of all, thanks for the wonderful package: it simplifies life tremendously!

The issue I’m looking to solve

I’m looking for a way to extend the proxy to enable CORS between subdomains.

More specifically, in a scenario with three services…

  • jwilder/nginx-proxy
  • image/foo with VIRTUAL_HOST=foo.mydomain.com
  • image/bar with VIRTUAL_HOST=bar.mydomain.com

… I’d like nginx to set the headers to allow CORS between foo.mydomain.com and bar.mydomain.com, but not from outside of the domain (e.g. www.otherdomain.com).

What the docker-compose file looks like

version: "3.2"
services:
    proxy:
        image: jwilder/nginx-proxy
        ports:
            - "80:80"
        volumes:
            - /var/run/docker.sock:/tmp/docker.sock:ro     
    foo:
        image: image/foo
        env:
            - VIRTUAL_HOST=foo.mydomain.com
    bar:
        image: image/bar
        env:
            - VIRTUAL_HOST=bar.mydomain.com

What I’ve already tried

I understand that I can replace the default proxy settings, but ideally, I’d just like to extend it with this functionality. Through some googling, I’ve found a way to approach this issue, but I’m unsure about how I’d go about and actually implement this.

The general approach would be to add this block of code in each server block of /etc/nginx/conf.d/default.conf:

server {
    set $cors "";
    if ($http_origin ~* (.*\.mydomain.com)) {
        set $cors "true";
    }
    location / {
        if ($cors = "true") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
        }
        if ($request_method = OPTIONS) {
            return 204;
        }
    }
}

However, this approach overwrites all the other elements in the server block, such as server_name, and hence, doesn’t achieve my purposes.

Is there any canonical approach to this problem?

Thanks in advance for your help and insights.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:11
  • Comments:18

github_iconTop GitHub Comments

18reactions
hunterlongcommented, May 17, 2018

It would be awesome to have a ALLOW_CORS env for this. I was able to enable CORs by editing the vhosts for my specific domain. Below is an example of how to do this.

  1. Create a file called example.com and attach it to: /etc/nginx/vhost.d/example.com with contents:
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';

This file will only work for example.com, which matches my VIRTUAL_HOST environment variable. I guess you can’t wild card a vhost, so you’ll need to do the same thing for all subdomains if needed. That’s it, it seems to work too. 🎉

7reactions
wildsurfercommented, May 31, 2017

Here is my workaround. I’m using location default configuration https://github.com/jwilder/nginx-proxy#per-virtual_host-location-default-configuration.

  1. Create file /etc/nginx/vhost.d/default_location
  2. Add this code:
if ($http_origin ~* (.*\.mydomain.com)) {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
}
if ($request_method = OPTIONS) {
    return 204;
}

This will enable CORS for all virtual hosts. Also you can add this code to some of them (check docs)

Read more comments on GitHub >

github_iconTop Results From Across the Web

Cross-Origin Resource Sharing (CORS) - MDN Web Docs
The CORS mechanism supports secure cross-origin requests and data transfers between browsers and servers. Modern browsers use CORS in APIs such ...
Read more >
How to enable cors in Node js - Online Interview Questions
In this article, we are going to see how to enable CORS ( Cross-Origin Resource Sharing ) in Node JS. CORS essentially means...
Read more >
How to Test CORS header - Stack Overflow
When I access the application pages of host2 am expecting it to show Access-Control-Allow-Origin header in response. But which is missing. How ...
Read more >
How to enable CORS on ubuntu 20.04 with apache
Hi there,. You need to first make sure that you have the headers module enabled: sudo a2enmod headers. And then I think that...
Read more >
The ultimate guide to enabling Cross-Origin Resource ...
The ultimate guide to enabling Cross-Origin Resource Sharing (CORS) ... With over 10,000 questions posted under the cors tag on ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Empty upstream with docker-compose.yml

Next page

server <ip> down / VIRTUAL_PORT ignored