Support CORS in nginx for InfoCloud #13

ckulka · Aug 25, 2019 · 77cb5ad · 77cb5ad
1 parent 5eaf267
commit 77cb5ad
Showing 1 changed file with 54 additions and 0 deletions.
diff --git a/files/nginx.conf b/files/nginx.conf
@@ -25,5 +25,59 @@ server {
     fastcgi_pass   unix:/var/run/php/php7.2-fpm.sock;
     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
     fastcgi_param  PATH_INFO        $fastcgi_path_info;
+
+    # Add CORS support, e.g. for InfCloud
+    # See
+    # - https://enable-cors.org/server_nginx.html
+    # - https://www.inf-it.com/infcloud/readme.txt section 3
+    if ($request_method = 'OPTIONS') {
+      add_header 'Access-Control-Allow-Origin' '*' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK' always;
+      add_header 'Access-Control-Allow-Headers' 'User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With' always;
+      add_header 'Access-Control-Expose-Headers' 'Etag,Preference-Applied' always;
+
+      # Tell client that this pre-flight info is valid for 20 days
+      add_header 'Access-Control-Max-Age' 1728000;
+      add_header 'Content-Type' 'text/plain; charset=utf-8';
+      add_header 'Content-Length' 0;
+      return 204;
+    }
+    set $add_cors 0;
+    if ($request_method = 'POST') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'GET') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'PROPFIND') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'PROPPATCH') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'REPORT') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'PUT') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'MOVE') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'DELETE') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'LOCK') {
+      set $add_cors 1;
+    }
+    if ($request_method = 'UNLOCK') {
+      set $add_cors 1;
+    }
+    if ($add_cors = 1) {
+      add_header 'Access-Control-Allow-Origin' '*' always;
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK' always;
+      add_header 'Access-Control-Allow-Headers' 'User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With' always;
+      add_header 'Access-Control-Expose-Headers' 'Etag,Preference-Applied' always;
+    }
   }
 }