Commit 8877a9c4 authored by BAIRE Anthony's avatar BAIRE Anthony

Merge branch '314-make-the-api-cors-compliant' into 'django'

New location rule to manage CORS for API only.

Closes #314

See merge request !171
parents bb48f4b4 c87d973c
Pipeline #77897 passed with stages
in 3 minutes and 36 seconds
......@@ -78,6 +78,36 @@ server
try_files $uri/index.html $uri.html $uri @django;
location /api/v1
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
# Custom headers and headers various browsers *should* be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
return 204;
add_header Access-Control-Allow-Origin "*";
# proxy_redirect off; # work without it, maybe it's bad to remove it
proxy_pass http://django;
# header set to distinguish between requests going directly from nginx and
# requests going through aio
# This is a security feature. Django trusts this value (like the
# X-Forwarded-* headers), do not remove it !
proxy_set_header X-Origin "nginx";
location @django
proxy_redirect off;
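Review bot: The new `/api/v1` location answers every origin with `Access-Control-Allow-Origin: *`, and its preflight branch also allows the `Authorization` header, so script on any web page can call the API from a visitor's browser and read the responses. That is only safe if no endpoint under `/api/v1` authorizes by network position (intranet reachability, client IP); I would record the constraint above the location, e.g. `# CORS is open to all origins: endpoints here must not rely on cookies or client IP for authorization`. Separately, `add_header` without `always` is skipped on 4xx/5xx responses, so cross-origin clients will not be able to read Django's error bodies; `add_header Access-Control-Allow-Origin "*" always;` covers those too. The enclosing `server` block is outside the hunk, so it is worth checking whether it sets security headers with `add_header`, because a location that declares its own `add_header` no longer inherits them.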