corsfix4

2024-12-17 20:06:15 +03:00 · 2024-12-17 20:06:15 +03:00 · daf5336410
commit daf5336410
parent 0923dc61d6
2 changed files with 23 additions and 26 deletions
--- a/docs/features.md
+++ b/docs/features.md
@ -26,10 +26,10 @@
 ## CORS Configuration

 - Поддерживаются домены:
-  - localhost (включая поддомены и порты)
-  - *.dscrs.site (включая testing.dscrs.site)
-  - *.discours.io
+  - *.dscrs.site (включая testing.dscrs.site, core.dscrs.site)
+  - *.discours.io (включая testing.discours.io)
+  - localhost (включая порты)
 - Поддерживаемые методы: GET, POST, OPTIONS
 - Настроена поддержка credentials
- Настроена обработка preflight-запросов
+- Разрешенные заголовки: Authorization, Content-Type, X-Requested-With, DNT, Cache-Control
 - Настроено кэширование preflight-ответов на 20 дней (1728000 секунд)
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@ -1,17 +1,14 @@
 {{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
 {{ $gzip_settings := "gzip on; gzip_min_length  1100; gzip_buffers  4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level  6;" }}

-{{ $cors_headers_options := "if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Max-Age' 1728000 always; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; }" }}
-{{ $cors_headers_post := "if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; }" }}
-{{ $cors_headers_get := "if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; }" }}
-
 map $http_origin $allow_origin {
-    "https://testing.dscrs.site"    "https://testing.dscrs.site";
-    "https://core.dscrs.site"       "https://core.dscrs.site";
-    "~^https?://localhost(:[0-9]+)?$"   $http_origin;
-    "~^https?://(.*\.)?dscrs\.site$"    $http_origin;
-    "~^https?://(.*\.)?discours\.io$"   $http_origin;
-    default                             "";
+    "https://testing.dscrs.site" "https://testing.dscrs.site";
+    "https://testing.discours.io" "https://testing.discours.io";
+    "https://core.dscrs.site" "https://core.dscrs.site";
+    "~^https?://(.*\.)?dscrs\.site$" $http_origin;
+    "~^https?://(.*\.)?discours\.io$" $http_origin;
+    "~^https?://localhost(:[0-9]+)?$" $http_origin;
+    default "";
 }

 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g 
@ -56,19 +53,19 @@ server {
        {{ $proxy_settings }}
        {{ $gzip_settings }}

-        add_header 'Access-Control-Allow-Origin' $allow_origin always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        if ($allow_origin != "") {
+            add_header "Access-Control-Allow-Origin" $allow_origin always;
+            add_header "Access-Control-Allow-Credentials" "true" always;
+            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS" always;
+            add_header "Access-Control-Allow-Headers" "Authorization, Content-Type, X-Requested-With, DNT, Cache-Control" always;
+        }

-        if ($request_method = 'OPTIONS') {
-            add_header 'Access-Control-Allow-Origin' $allow_origin always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-            add_header 'Access-Control-Max-Age' 1728000 always;
-            add_header 'Content-Type' 'text/plain charset=UTF-8';
-            add_header 'Content-Length' 0;
+        if ($request_method = "OPTIONS") {
+            add_header "Access-Control-Allow-Origin" $allow_origin always;
+            add_header "Access-Control-Allow-Credentials" "true" always;
+            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS" always;
+            add_header "Access-Control-Allow-Headers" "Authorization, Content-Type, X-Requested-With, DNT, Cache-Control" always;
+            add_header "Access-Control-Max-Age" 1728000;
            return 204;
        }