From 48bff7249e85b733f4011e8323991ab6d4f0da7c Mon Sep 17 00:00:00 2001 From: Kazuhito Suda Date: Sat, 15 Jun 2024 19:58:11 +0900 Subject: [PATCH] ADD headers for CORS --- .config.sh | 22 ++++++++++++++++++ config.sh | 22 ++++++++++++++++++ docs/en/installation/orion.md | 15 ++++++++---- docs/ja/installation/orion.md | 15 ++++++++---- lets-fiware.sh | 23 +++++++++++++++++-- setup/template/nginx/nginx-orion-cors-headers | 8 +++---- .../nginx/nginx-orion-cors-request-method | 10 ++++---- 7 files changed, 94 insertions(+), 21 deletions(-) diff --git a/.config.sh b/.config.sh index 07e1d7b..eb65df1 100755 --- a/.config.sh +++ b/.config.sh @@ -51,6 +51,28 @@ ORION_EXPOSE_PORT= # Enable cross-origin resource sharing (CORS) Default: false ORION_CORS= +# Set Access-Control-Allow-Origin header for CORS +# Default: * +set -f +ORION_ACCESS_CONTROL_ALLOW_ORIGIN= +set +f + +# Set Access-Control-Allow-Methods header for CORS +# Default: 'GET, POST, OPTIONS, DELETE, PUT, PATCH' +ORION_ACCESS_CONTROL_ALLOW_METHODS= + +# Set Access-Control-Allow-Headers header for CORS +# Default: 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' +ORION_ACCESS_CONTROL_ALLOW_HEADERS= + +# Set Access-Control-Expose-Headers header for CORS +# Default: 'location, fiware-correlator' +ORION_CONTROL_EXPOSE_HEADERS= + +# Set Access-Control-Max-Age header for CORS +# Default: 7200 +ORION_ACCESS_CONTROL_MAX_AGE= + # Docker image for Orion IMAGE_ORION=telefonicaiot/fiware-orion:4.0.0 diff --git a/config.sh b/config.sh index 07e1d7b..eb65df1 100755 --- a/config.sh +++ b/config.sh @@ -51,6 +51,28 @@ ORION_EXPOSE_PORT= # Enable cross-origin resource sharing (CORS) Default: false ORION_CORS= +# Set Access-Control-Allow-Origin header for CORS +# Default: * +set -f +ORION_ACCESS_CONTROL_ALLOW_ORIGIN= +set +f + +# Set Access-Control-Allow-Methods header for CORS +# Default: 'GET, POST, OPTIONS, DELETE, PUT, PATCH' +ORION_ACCESS_CONTROL_ALLOW_METHODS= + +# Set Access-Control-Allow-Headers header for CORS +# Default: 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' +ORION_ACCESS_CONTROL_ALLOW_HEADERS= + +# Set Access-Control-Expose-Headers header for CORS +# Default: 'location, fiware-correlator' +ORION_CONTROL_EXPOSE_HEADERS= + +# Set Access-Control-Max-Age header for CORS +# Default: 7200 +ORION_ACCESS_CONTROL_MAX_AGE= + # Docker image for Orion IMAGE_ORION=telefonicaiot/fiware-orion:4.0.0 diff --git a/docs/en/installation/orion.md b/docs/en/installation/orion.md index d6a8555..57c3d34 100644 --- a/docs/en/installation/orion.md +++ b/docs/en/installation/orion.md @@ -15,11 +15,16 @@ You can specify configurations by editing the `config.sh` file. -| Variable name | Description | Default value | -| ------------------- | ------------------------------------------- | ------------- | -| ORION | A sub-domain name of Orion. | orion | -| ORION\_EXPOSE\_PORT | Expose port 1026. (none, local, all) | none | -| ORION\_CORS | Enable cross-origin resource sharing (CORS) | false | +| Variable name | Description | Default value | +| -------------------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------------------------------- | +| ORION | A sub-domain name of Orion. | orion | +| ORION\_EXPOSE\_PORT | Expose port 1026. (none, local, all) | none | +| ORION\_CORS | Enable cross-origin resource sharing (CORS) | false | +| ORION\_ACCESS\_CONTROL\_ALLOW\_ORIGIN | Set Access-Control-Allow-Origin header for CORS | '\*' | +| ORION\_ACCESS\_CONTROL\_ALLOW\_METHODS | Set Access-Control-Allow-Methods header for CORS | 'GET, POST, OPTIONS, DELETE, PUT, PATCH' | +| ORION\_ACCESS\_CONTROL\_ALLOW\_HEADERS | Set Access-Control-Allow-Headers header for CORS | 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' | +| ORION\_CONTROL\_EXPOSE\_HEADERS | Set Access-Control-Expose-Headers header for CORS | 'location, fiware-correlator' | +| ORION\_ACCESS\_CONTROL\_MAX\_AGE | Set Access-Control-Max-Age header for CORS | 7200 | ## How to setup diff --git a/docs/ja/installation/orion.md b/docs/ja/installation/orion.md index 1c1879e..0a6a003 100644 --- a/docs/ja/installation/orion.md +++ b/docs/ja/installation/orion.md @@ -17,11 +17,16 @@ `config.sh` ファイルを編集して構成を指定できます。 -| 変数名 | 説明 | 既定値 | -| ------------------- | ---------------------------------------------------- | ------ | -| ORION | Orion のサブドメイン名 | orion | -| ORION\_EXPOSE\_PORT | Orion のポート 1026 を公開。(none, local または all) | none | -| ORION\_CORS | Cross-origin resource sharing (CORS) を有効化 | false | +| 変数名 | 説明 | 既定値 | +| -------------------------------------- | ---------------------------------------------------- | --------------------------------------------------------------------------------------------------- | +| ORION | Orion のサブドメイン名 | orion | +| ORION\_EXPOSE\_PORT | Orion のポート 1026 を公開。(none, local または all) | none | +| ORION\_CORS | Cross-origin resource sharing (CORS) を有効化 | false | +| ORION\_ACCESS\_CONTROL\_ALLOW\_ORIGIN | CORS の Access-Control-Allow-Origin ヘッダを設定 | '\*' | +| ORION\_ACCESS\_CONTROL\_ALLOW\_METHODS | CORS の Access-Control-Allow-Methods ヘッダを設定 | 'GET, POST, OPTIONS, DELETE, PUT, PATCH' | +| ORION\_ACCESS\_CONTROL\_ALLOW\_HEADERS | CORS の Access-Control-Allow-Headers ヘッダを設定 | 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' | +| ORION\_CONTROL\_EXPOSE\_HEADERS | CORS の Access-Control-Expose-Headers ヘッダを設定 | 'location, fiware-correlator' | +| ORION\_ACCESS\_CONTROL\_MAX\_AGE | CORS の Access-Control-Max-Age header ヘッダを設定 | 7200 | diff --git a/lets-fiware.sh b/lets-fiware.sh index 666cff1..87acbee 100755 --- a/lets-fiware.sh +++ b/lets-fiware.sh @@ -1963,8 +1963,27 @@ EOF create_nginx_conf "${ORION}" "nginx-orion" if "${ORION_CORS}"; then - sed -i "/__NGINX_ORION_CORS_HEADERS__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-headers" "${NGINX_SITES}/${ORION}" - sed -i "/__NGINX_ORION_CORS_REQUEST_METHOD__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-request-method" "${NGINX_SITES}/${ORION}" + set -f + if [ -z ${ORION_ACCESS_CONTROL_ALLOW_ORIGIN} ]; then + ORION_ACCESS_CONTROL_ALLOW_ORIGIN="'*'" + fi + : ${ORION_ACCESS_CONTROL_ALLOW_METHODS:="'GET, POST, OPTIONS, DELETE, PUT, PATCH'"} + : ${ORION_ACCESS_CONTROL_ALLOW_HEADERS:="'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath'"} + : ${ORION_CONTROL_EXPOSE_HEADERS:="'location, fiware-correlator'"} + : ${ORION_ACCESS_CONTROL_MAX_AGE:=7200} + + sed -i \ + -e "/__NGINX_ORION_CORS_HEADERS__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-headers" \ + -e "/__NGINX_ORION_CORS_REQUEST_METHOD__/r ${SETUP_DIR}/template/nginx/nginx-orion-cors-request-method" \ + "${NGINX_SITES}/${ORION}" + sed -i \ + -e "s/ORION_ACCESS_CONTROL_ALLOW_ORIGIN/${ORION_ACCESS_CONTROL_ALLOW_ORIGIN}/" \ + -e "s/ORION_ACCESS_CONTROL_ALLOW_METHODS/${ORION_ACCESS_CONTROL_ALLOW_METHODS}/" \ + -e "s/ORION_ACCESS_CONTROL_ALLOW_HEADERS/${ORION_ACCESS_CONTROL_ALLOW_HEADERS}/" \ + -e "s/ORION_CONTROL_EXPOSE_HEADERS/${ORION_CONTROL_EXPOSE_HEADERS}/" \ + -e "s/ORION_ACCESS_CONTROL_MAX_AGE/${ORION_ACCESS_CONTROL_MAX_AGE}/" \ + "${NGINX_SITES}/${ORION}" + set +f fi add_nginx_depends_on "orion" diff --git a/setup/template/nginx/nginx-orion-cors-headers b/setup/template/nginx/nginx-orion-cors-headers index c56e36d..83abc1d 100644 --- a/setup/template/nginx/nginx-orion-cors-headers +++ b/setup/template/nginx/nginx-orion-cors-headers @@ -1,6 +1,6 @@ # Add CORS Headers - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always; - add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always; - add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always; + add_header 'Access-Control-Allow-Origin' ORION_ACCESS_CONTROL_ALLOW_ORIGIN; + add_header 'Access-Control-Allow-Methods' ORION_ACCESS_CONTROL_ALLOW_METHODS; + add_header 'Access-Control-Allow-Headers' ORION_ACCESS_CONTROL_ALLOW_HEADERS; + add_header 'Access-Control-Expose-Headers' ORION_CONTROL_EXPOSE_HEADERS; diff --git a/setup/template/nginx/nginx-orion-cors-request-method b/setup/template/nginx/nginx-orion-cors-request-method index 30d026c..76cad5c 100644 --- a/setup/template/nginx/nginx-orion-cors-request-method +++ b/setup/template/nginx/nginx-orion-cors-request-method @@ -1,9 +1,9 @@ if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always; - add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always; - add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always; - add_header 'Access-Control-Max-Age' 1728000; + add_header 'Access-Control-Allow-Origin' ORION_ACCESS_CONTROL_ALLOW_ORIGIN; + add_header 'Access-Control-Allow-Methods' ORION_ACCESS_CONTROL_ALLOW_METHODS; + add_header 'Access-Control-Allow-Headers' ORION_ACCESS_CONTROL_ALLOW_HEADERS; + add_header 'Access-Control-Expose-Headers' ORION_CONTROL_EXPOSE_HEADERS; + add_header 'Access-Control-Max-Age' ORION_ACCESS_CONTROL_MAX_AGE; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204;