ADD headers for CORS

lets-fiware · Jun 15, 2024 · 48bff72 · 48bff72
1 parent fe810ab
commit 48bff72
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 21 deletions.
diff --git a/.config.sh b/.config.sh
@@ -51,6 +51,28 @@ ORION_EXPOSE_PORT=
 # Enable cross-origin resource sharing (CORS) Default: false
 ORION_CORS=
 
+# Set Access-Control-Allow-Origin header for CORS
+#   Default: *
+set -f
+ORION_ACCESS_CONTROL_ALLOW_ORIGIN=
+set +f
+
+# Set Access-Control-Allow-Methods header for CORS
+#   Default: 'GET, POST, OPTIONS, DELETE, PUT, PATCH'
+ORION_ACCESS_CONTROL_ALLOW_METHODS=
+
+# Set Access-Control-Allow-Headers header for CORS
+#   Default: 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath'
+ORION_ACCESS_CONTROL_ALLOW_HEADERS=
+
+# Set Access-Control-Expose-Headers header for CORS
+#   Default: 'location, fiware-correlator'
+ORION_CONTROL_EXPOSE_HEADERS=
+
+# Set Access-Control-Max-Age header for CORS
+#   Default: 7200
+ORION_ACCESS_CONTROL_MAX_AGE=
+
 # Docker image for Orion
 IMAGE_ORION=telefonicaiot/fiware-orion:4.0.0
 

diff --git a/config.sh b/config.sh
@@ -51,6 +51,28 @@ ORION_EXPOSE_PORT=
 # Enable cross-origin resource sharing (CORS) Default: false
 ORION_CORS=
 
+# Set Access-Control-Allow-Origin header for CORS
+#   Default: *
+set -f
+ORION_ACCESS_CONTROL_ALLOW_ORIGIN=
+set +f
+
+# Set Access-Control-Allow-Methods header for CORS
+#   Default: 'GET, POST, OPTIONS, DELETE, PUT, PATCH'
+ORION_ACCESS_CONTROL_ALLOW_METHODS=
+
+# Set Access-Control-Allow-Headers header for CORS
+#   Default: 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath'
+ORION_ACCESS_CONTROL_ALLOW_HEADERS=
+
+# Set Access-Control-Expose-Headers header for CORS
+#   Default: 'location, fiware-correlator'
+ORION_CONTROL_EXPOSE_HEADERS=
+
+# Set Access-Control-Max-Age header for CORS
+#   Default: 7200
+ORION_ACCESS_CONTROL_MAX_AGE=
+
 # Docker image for Orion
 IMAGE_ORION=telefonicaiot/fiware-orion:4.0.0
 

diff --git a/docs/en/installation/orion.md b/docs/en/installation/orion.md
@@ -15,11 +15,16 @@
 
 You can specify configurations by editing the `config.sh` file.
 
-| Variable name       | Description                                 | Default value |
-| ------------------- | ------------------------------------------- | ------------- |
-| ORION               | A sub-domain name of Orion.                 | orion         |
-| ORION\_EXPOSE\_PORT | Expose port 1026. (none, local, all)        | none          |
-| ORION\_CORS         | Enable cross-origin resource sharing (CORS) | false         |
+| Variable name                          | Description                                       | Default value                                                                                       |
+| -------------------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
+| ORION                                  | A sub-domain name of Orion.                       | orion                                                                                               |
+| ORION\_EXPOSE\_PORT                    | Expose port 1026. (none, local, all)              | none                                                                                                |
+| ORION\_CORS                            | Enable cross-origin resource sharing (CORS)       | false                                                                                               |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_ORIGIN  | Set Access-Control-Allow-Origin header for CORS   | '\*'                                                                                                |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_METHODS | Set Access-Control-Allow-Methods header for CORS  | 'GET, POST, OPTIONS, DELETE, PUT, PATCH'                                                            |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_HEADERS | Set Access-Control-Allow-Headers header for CORS  | 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' |
+| ORION\_CONTROL\_EXPOSE\_HEADERS        | Set Access-Control-Expose-Headers header for CORS | 'location, fiware-correlator'                                                                       |
+| ORION\_ACCESS\_CONTROL\_MAX\_AGE       | Set Access-Control-Max-Age header for CORS        | 7200                                                                                                |
 
 ## How to setup
 

diff --git a/docs/ja/installation/orion.md b/docs/ja/installation/orion.md
@@ -17,11 +17,16 @@
 
 `config.sh` ファイルを編集して構成を指定できます。
 
-| 変数名              | 説明                                                 | 既定値 |
-| ------------------- | ---------------------------------------------------- | ------ |
-| ORION               | Orion のサブドメイン名                               | orion  | 
-| ORION\_EXPOSE\_PORT | Orion のポート 1026 を公開。(none, local または all) | none   |
-| ORION\_CORS         | Cross-origin resource sharing (CORS) を有効化        | false  |
+| 変数名                                 | 説明                                                 | 既定値                                                                                              |
+| -------------------------------------- | ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
+| ORION                                  | Orion のサブドメイン名                               | orion                                                                                               |
+| ORION\_EXPOSE\_PORT                    | Orion のポート 1026 を公開。(none, local または all) | none                                                                                                |
+| ORION\_CORS                            | Cross-origin resource sharing (CORS) を有効化        | false                                                                                               |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_ORIGIN  | CORS の Access-Control-Allow-Origin ヘッダを設定     | '\*'                                                                                                |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_METHODS | CORS の Access-Control-Allow-Methods ヘッダを設定    | 'GET, POST, OPTIONS, DELETE, PUT, PATCH'                                                            |
+| ORION\_ACCESS\_CONTROL\_ALLOW\_HEADERS | CORS の Access-Control-Allow-Headers ヘッダを設定    | 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' |
+| ORION\_CONTROL\_EXPOSE\_HEADERS        | CORS の Access-Control-Expose-Headers ヘッダを設定   | 'location, fiware-correlator'                                                                       |
+| ORION\_ACCESS\_CONTROL\_MAX\_AGE       | CORS の Access-Control-Max-Age header ヘッダを設定   | 7200                                                                                                |
 
 <a name="how-to-setup"></a>
 

diff --git a/lets-fiware.sh b/lets-fiware.sh
@@ -1963,8 +1963,27 @@ EOF
   create_nginx_conf "${ORION}" "nginx-orion"
 
   if "${ORION_CORS}"; then
-    sed -i "/__NGINX_ORION_CORS_HEADERS__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-headers" "${NGINX_SITES}/${ORION}"
-    sed -i "/__NGINX_ORION_CORS_REQUEST_METHOD__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-request-method" "${NGINX_SITES}/${ORION}"
+    set -f
+    if [ -z ${ORION_ACCESS_CONTROL_ALLOW_ORIGIN} ]; then
+      ORION_ACCESS_CONTROL_ALLOW_ORIGIN="'*'"
+    fi
+    : ${ORION_ACCESS_CONTROL_ALLOW_METHODS:="'GET, POST, OPTIONS, DELETE, PUT, PATCH'"}
+    : ${ORION_ACCESS_CONTROL_ALLOW_HEADERS:="'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath'"}
+    : ${ORION_CONTROL_EXPOSE_HEADERS:="'location, fiware-correlator'"}
+    : ${ORION_ACCESS_CONTROL_MAX_AGE:=7200}
+
+    sed -i \
+        -e "/__NGINX_ORION_CORS_HEADERS__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-headers" \
+        -e "/__NGINX_ORION_CORS_REQUEST_METHOD__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-request-method" \
+        "${NGINX_SITES}/${ORION}"
+    sed -i \
+        -e "s/ORION_ACCESS_CONTROL_ALLOW_ORIGIN/${ORION_ACCESS_CONTROL_ALLOW_ORIGIN}/" \
+        -e "s/ORION_ACCESS_CONTROL_ALLOW_METHODS/${ORION_ACCESS_CONTROL_ALLOW_METHODS}/" \
+        -e "s/ORION_ACCESS_CONTROL_ALLOW_HEADERS/${ORION_ACCESS_CONTROL_ALLOW_HEADERS}/" \
+        -e "s/ORION_CONTROL_EXPOSE_HEADERS/${ORION_CONTROL_EXPOSE_HEADERS}/" \
+        -e "s/ORION_ACCESS_CONTROL_MAX_AGE/${ORION_ACCESS_CONTROL_MAX_AGE}/" \
+        "${NGINX_SITES}/${ORION}"
+    set +f
   fi
 
   add_nginx_depends_on "orion"

diff --git a/setup/template/nginx/nginx-orion-cors-headers b/setup/template/nginx/nginx-orion-cors-headers
@@ -1,6 +1,6 @@
   # Add CORS Headers
-  add_header 'Access-Control-Allow-Origin' '*' always;
-  add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
-  add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always;
-  add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always;
+  add_header 'Access-Control-Allow-Origin' ORION_ACCESS_CONTROL_ALLOW_ORIGIN;
+  add_header 'Access-Control-Allow-Methods' ORION_ACCESS_CONTROL_ALLOW_METHODS;
+  add_header 'Access-Control-Allow-Headers' ORION_ACCESS_CONTROL_ALLOW_HEADERS;
+  add_header 'Access-Control-Expose-Headers' ORION_CONTROL_EXPOSE_HEADERS;
 
diff --git a/setup/template/nginx/nginx-orion-cors-request-method b/setup/template/nginx/nginx-orion-cors-request-method
@@ -1,9 +1,9 @@
     if ($request_method = 'OPTIONS') {
-      add_header 'Access-Control-Allow-Origin' '*' always;
-      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
-      add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always;
-      add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always;
-      add_header 'Access-Control-Max-Age' 1728000;
+      add_header 'Access-Control-Allow-Origin' ORION_ACCESS_CONTROL_ALLOW_ORIGIN;
+      add_header 'Access-Control-Allow-Methods' ORION_ACCESS_CONTROL_ALLOW_METHODS;
+      add_header 'Access-Control-Allow-Headers' ORION_ACCESS_CONTROL_ALLOW_HEADERS;
+      add_header 'Access-Control-Expose-Headers' ORION_CONTROL_EXPOSE_HEADERS;
+      add_header 'Access-Control-Max-Age' ORION_ACCESS_CONTROL_MAX_AGE;
       add_header 'Content-Type' 'text/plain charset=UTF-8';
       add_header 'Content-Length' 0;
       return 204;