Add CORS header support to nginx locations #225

ansell · 2019-01-03T23:11:17Z

NGINX locations need to have CORS support optionally available for applications to specify origins/verbs/etc. that are allowed to perform cross-site queries. This is being done on an ad hoc manner on some servers currently, which makes it impossible to deploy using Ansible to those servers as it would break core functionality that has been manually added.

If add_header is used inside an NGINX location, the other security headers (HSTS/Referrer-Policy/etc.) which are defined in the enclosing server also need to be reinserted into the location or they are ignored.

The text was updated successfully, but these errors were encountered:

@ansell

* Added CORS fragment. Fix for #225 * Added new var following @ansell review * Added missing bracket

ansell added enhancement IAD labels Jan 3, 2019

ansell added the security label May 8, 2019

vjrj added a commit to vjrj/ala-install that referenced this issue Feb 13, 2020

Added CORS fragment. Fix for AtlasOfLivingAustralia#225

b7a8bc4

vjrj mentioned this issue Feb 13, 2020

Added CORS fragments to nginx_vhost role #370

Merged

vjrj added a commit to vjrj/ala-install that referenced this issue May 14, 2020

Added CORS fragment. Fix for AtlasOfLivingAustralia#225

3002556

vjrj closed this as completed in #370 Jun 5, 2020

vjrj added a commit that referenced this issue Jun 5, 2020

Added CORS fragments to nginx_vhost role (#370)

01e47c6

* Added CORS fragment. Fix for #225 * Added new var following @ansell review * Added missing bracket

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CORS header support to nginx locations #225

Add CORS header support to nginx locations #225

ansell commented Jan 3, 2019

Add CORS header support to nginx locations #225

Add CORS header support to nginx locations #225

Comments

ansell commented Jan 3, 2019