From f36b5337296a159fb4aa1a3a4a44d4525d94f4a0 Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Thu, 20 Feb 2020 17:00:57 +0100 Subject: [PATCH] gesis.mybinder.org: allow OPTIONS method and do 308 redirection (https://github.com/jupyterhub/mybinder.org-deploy/issues/1344) --- load_balancer/sites-available/gesis_mybinder | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/load_balancer/sites-available/gesis_mybinder b/load_balancer/sites-available/gesis_mybinder index 3a81ce27..4873ade3 100644 --- a/load_balancer/sites-available/gesis_mybinder +++ b/load_balancer/sites-available/gesis_mybinder @@ -31,7 +31,7 @@ server { location / { # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/301 - limit_except GET { + limit_except GET OPTIONS { deny all; } # https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS @@ -40,11 +40,13 @@ server { add_header 'Cache-Control' 'no-cache'; # https://serverfault.com/questions/426673/nginx-redirect-subdomain-to-sub-directory # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#taxing-rewrites - return 301 https://notebooks.gesis.org/binder$request_uri; + return 308 https://notebooks.gesis.org/binder$request_uri; } location /build/ { - limit_except GET { + # add OPTIONS for Preflighted requests: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS + # adding OPTIONS is just to be safe, I am not sure if this is preflighted + limit_except GET OPTIONS { deny all; } add_header Access-Control-Allow-Origin $allowed_origin; @@ -53,7 +55,7 @@ server { add_header 'Access-Control-Allow-Headers' 'cache-control'; add_header 'Content-Type' 'text/event-stream'; add_header 'Cache-Control' 'no-cache'; - return 301 https://notebooks.gesis.org/binder$request_uri; + # use Permanent Redirect (308) instead of 301, mybinder.org redirects with 307 + return 308 https://notebooks.gesis.org/binder$request_uri; } } -