Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CORS: Access-Control-Allow-Origin #373

Open
tiotrom opened this issue Feb 9, 2021 · 3 comments
Open

Enable CORS: Access-Control-Allow-Origin #373

tiotrom opened this issue Feb 9, 2021 · 3 comments
Labels
opinion needed security

Comments

@tiotrom
Copy link

tiotrom commented Feb 9, 2021

How can I properly enable CORS for this? I come from Apache and .htaccess. In Nginx should I edit the /ect/nginx/conf.d/URL.tf.d (where URL is the domain where Nextcloud is installed). If so, what is the proper code to do that in Nginx? Cheers!
@alexAubin
Copy link
Member

(It would be nice if you can elaborate why / what you are trying to achieve...)

@tiotrom
Copy link
Author

tiotrom commented Feb 14, 2021

Oh for sure. I should have done that form the beginning. Sorry.
So we have nextcloud installed at drive.tromsite.com. There we host our books in PDF - https://www.drive.tromsite.com/s/FLJece78Wd9kq7i?path=%2FTROM%20eBooks%2FPDF

But we display these books on tromsite.com at https://www.tromsite.com/books/

So the PDFs from drive.tromsite.com need to be displayed on tromsite.com. For this we had enabled CORS in .htaccess for our previous Nextcloud installation, as such:

         RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

SetEnvIf Origin "^http(s)?://(.+\.)?(tromsite\.com|tromsite\.de)$" origin_is=$0 
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is

Header always set Access-Control-Allow-Headers "range" 

Header always set Access-Control-Expose-Headers: "Accept-Ranges, Content-Encoding, Content-Length, Content-Range"

Header always set Access-Control-Allow-Methods: "POST, GET, OPTIONS"

Header always set Accept-Ranges "bytes"

Header always set Access-Control-Allow-Credentials "true"

But we were using Apache. Now we use Nginx. To translate the above I tried:

more_set_headers "Access-Control-Allow-Origin https://www.tromsite.com";
  more_set_headers "Access-Control-Allow-Headers range";
  more_set_headers "Access-Control-Allow-Methods: GET, POST, OPTIONS";
  more_set_headers "Accept-Ranges bytes=0–1023";
  more_set_headers "Access-Control-Allow-Credentials true";

In /ect/nginx/conf.d/URL.tf.d (where URL is the domain where Nextcloud is installed). Restarted Nginx. And it works. But there is no partial loading of content, so one has to wait until a PDF is fully downlaoded before seeing it at tromsite.com/books. You know what I mean?

@tituspijean
Copy link
Member

This should address #580 too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
opinion needed security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zamentur @alexAubin @tituspijean @tiotrom