Unable to resolve the "Access-Control-Allow-Origin" issue

Ajay Garg ajaygargnsit at gmail.com
Thu Apr 13 01:39:29 UTC 2017


Upgraded to 1.11

Now, things get worse, I am not being prompted for any credentials (even
with all browser cache cleared), even with the following
/etc/nginx/conf.d/default.conf


##########################################################
server {

                listen 443 ssl;
                ssl_certificate /etc/nginx/ssl/nginx.crt;
                ssl_certificate_key /etc/nginx/ssl/nginx.key;

#               add_header 'Access-Control-Max-Age' 1728000 'always';
#               add_header 'Access-Control-Allow-Origin' $http_origin
'always';
#               add_header 'Access-Control-Allow-Credentials' 'true'
'always';
#               add_header 'Access-Control-Allow-Methods' 'GET, POST,
OPTIONS' 'always';
#               add_header 'Access-Control-Allow-Headers'
'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'
'always';

                location / {

#                       add_header 'Access-Control-Max-Age' 1728000
'always';
#                       add_header 'Access-Control-Allow-Origin' '*'
'always';
#                       add_header 'Access-Control-Allow-Credentials'
'true' 'always';
#                       add_header 'Access-Control-Allow-Methods' 'GET,
POST, OPTIONS' 'always';
#                       add_header 'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'
'always';

                        auth_basic 'Restricted';
                        auth_basic_user_file /etc/nginx/ssl/.htpasswd;

#                       proxy_set_header 'Access-Control-Max-Age' 1728000;
#                       proxy_set_header 'Access-Control-Allow-Origin' '*';
#                       proxy_set_header 'Access-Control-Allow-Credentials'
'true';
#                       proxy_set_header 'Access-Control-Allow-Methods'
'GET, POST, OPTIONS';
#                       proxy_set_header 'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

                        proxy_pass $forwarded_protocol://127.0.0.1:
$forwarded_port;

                }
        }

##########################################################


Any ideas why this regression?

On Wed, Apr 12, 2017 at 10:54 PM, Ajay Garg <ajaygargnsit at gmail.com> wrote:

> Hi Richard.
>
> Thanks for the help.
>
> I added 'always' as the last argument in all the "add_header" and
> "proxy_set_header" directives.
> Unfortunately, I receive the following on the very first "add_header"
> directive ::
>
> #####################################################
> 2017/04/12 17:18:22 [emerg] 28540#0: invalid number of arguments in
> "add_header" directive in /etc/nginx/sites-enabled/default:22
> #####################################################
>
>
> I guess the 'always' argument requires nginx >= 1.7.5.
>
>
> Is there a pre-built package available for nginx?
> Our linux-machine is ::
>
> #####################################################
> uname -a
> Linux proxy 3.13.0-108-generic #155-Ubuntu SMP Wed Jan 11 16:58:52 UTC
> 2017 x86_64 x86_64 x86_64 GNU/Linux
> #####################################################
>
> If not, I guess the link to use is http://nginx.org/en/docs/configure.html,
> but I am very afraid that I might miss something, so a pre-built package >=
> 1.7.5 (provided one exists) for our linux-machine would be great :)
>
>
> Thanks for the help so far !!!
>
>
> Thanks and Regards,
> Ajay
>
> On Wed, Apr 12, 2017 at 8:30 PM, Richard Stanway <
> r1ch+nginx at teamliquid.net> wrote:
>
>> Your are using auth_basic, so the 401 response code is not in the range
>> that add_header works with ("Adds the specified field to a response header
>> provided that the response code equals 200, 201, 204, 206, 301, 302, 303,
>> 304, or 307."). You need to use "always" if you want to include the header
>> in all responses. See the documentation for more details.
>>
>> http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
>>
>> On Wed, Apr 12, 2017 at 4:48 PM, Ajay Garg <ajaygargnsit at gmail.com>
>> wrote:
>>
>>> For the record, here is the server-block ::
>>>
>>>
>>> #########################################################
>>> server {
>>>
>>>                 listen 443 ssl;
>>>
>>>                 ssl_certificate /etc/nginx/ssl/nginx.crt;
>>>                 ssl_certificate_key /etc/nginx/ssl/nginx.key;
>>>
>>>                 add_header 'Access-Control-Max-Age' 1728000;
>>>                 add_header 'Access-Control-Allow-Origin' $http_origin;
>>>                 add_header 'Access-Control-Allow-Credentials' 'true';
>>>                 add_header 'Access-Control-Allow-Methods' 'GET, POST,
>>> OPTIONS';
>>>                 add_header 'Access-Control-Allow-Headers'
>>> 'DNT,Access-Control-Allow-Origin,X-CustomHeader,Keep-Alive,U
>>> ser-Agent,X-Requested-With,If-Modified-Since,Cache-Control,
>>> Content-Type';
>>>
>>>                 location / {
>>>
>>>                         add_header 'Access-Control-Max-Age' 1728000;
>>>                         add_header 'Access-Control-Allow-Origin' '*';
>>>                         add_header 'Access-Control-Allow-Credentials'
>>> 'true';
>>>                         add_header 'Access-Control-Allow-Methods' 'GET,
>>> POST, OPTIONS';
>>>                         add_header 'Access-Control-Allow-Headers'
>>> 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,I
>>> f-Modified-Since,Cache-Control,Content-Type';
>>>
>>>                         auth_basic 'Restricted';
>>>                         auth_basic_user_file /etc/nginx/ssl/.htpasswd;
>>>
>>>                         proxy_set_header 'Access-Control-Max-Age'
>>> 1728000;
>>>                         proxy_set_header 'Access-Control-Allow-Origin'
>>> '*';
>>>                         proxy_set_header 'Access-Control-Allow-Credentials'
>>> 'true';
>>>                         proxy_set_header 'Access-Control-Allow-Methods'
>>> 'GET, POST, OPTIONS';
>>>                         proxy_set_header 'Access-Control-Allow-Headers'
>>> 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,I
>>> f-Modified-Since,Cache-Control,Content-Type';
>>>
>>>                         proxy_pass $forwarded_protocol://127.0.0.
>>> 1:$forwarded_port;
>>>
>>>                 }
>>>         }
>>> #########################################################
>>>
>>> On Wed, Apr 12, 2017 at 6:13 PM, Ajay Garg <ajaygargnsit at gmail.com>
>>> wrote:
>>>
>>>> Hi All.
>>>>
>>>> We are facing the following issue :
>>>>
>>>> Cross-Origin Request Blocked: The Same Origin Policy disallows reading
>>>> the remote resource at https://1.2.3.4/. (Reason: CORS header
>>>> 'Access-Control-
>>>> Allow-Origin' missing).
>>>>
>>>> Have tried everything I could find on the google, but nothing works
>>>> (whatever I do in /etc/nginx/sites-available/default)
>>>>
>>>>
>>>> So, first question first, is it even possible to solve this issue on
>>>> the version, as per the information below ::
>>>>
>>>> ########################################################
>>>> nginx -V
>>>> nginx version: nginx/1.4.6 (Ubuntu)
>>>> built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
>>>> TLS SNI support enabled
>>>> configure arguments: --with-cc-opt='-g -O2 -fstack-protector
>>>> --param=ssp-buffer-size=4 -Wformat -Werror=format-security
>>>> -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions
>>>> -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
>>>> --http-log-path=/var/log/nginx/access.log
>>>> --error-log-path=/var/log/nginx/error.log
>>>> --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
>>>> --http-client-body-temp-path=/var/lib/nginx/body
>>>> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
>>>> --http-proxy-temp-path=/var/lib/nginx/proxy
>>>> --http-scgi-temp-path=/var/lib/nginx/scgi
>>>> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug
>>>> --with-pcre-jit --with-ipv6 --with-http_ssl_module
>>>> --with-http_stub_status_module --with-http_realip_module
>>>> --with-http_addition_module --with-http_dav_module --with-http_flv_module
>>>> --with-http_geoip_module --with-http_gzip_static_module
>>>> --with-http_image_filter_module --with-http_mp4_module
>>>> --with-http_perl_module --with-http_random_index_module
>>>> --with-http_secure_link_module --with-http_spdy_module
>>>> --with-http_sub_module --with-http_xslt_module --with-mail
>>>> --with-mail_ssl_module --add-module=/build/nginx-9sG_
>>>> hy/nginx-1.4.6/debian/modules/headers-more-nginx-module
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-auth-pam
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-cache-purge
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-dav-ext-module
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-development-kit
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-echo
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/ngx-fancyindex
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-http-push
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-lua
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upload-progress
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upstream-fair
>>>> --add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/
>>>> ngx_http_substitutions_filter_module
>>>> ##########################################################
>>>>
>>>>
>>>>
>>>> Thanks and Regards,
>>>> Ajay
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Ajay
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
>
> --
> Regards,
> Ajay
>



-- 
Regards,
Ajay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170413/5c249114/attachment-0001.html>


More information about the nginx mailing list