-
-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Fix cors headers #7900
fix: Fix cors headers #7900
Conversation
We want to include PATCH, PUT, etc.
* centralize cors headers handling in perl code * add Access-Control-Allow-Methods correctly * add tests
Noice 👍 |
I want a validation of @stephanegigandet on this one, as it is a big refactor ! |
Looks good to me, but I have not tested it. Maybe wait until January until we merge and deploy this. |
Thanks for adding all the tests. :) |
@@ -14,6 +14,13 @@ | |||
# Default server configuration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should move this file to conf/nginx/nginx.conf (which currently seems to contain the default nginx.conf)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah I'm confused, this nginx.conf file is only for docker, which does not use the files in sites-available?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes for docker we have a different config than in prod.
So I kept the nginx conf for prod in conf/nginx, while docker simply uses conf/nginx.conf
(a docker nginx instance only serve one application, and obf, opf, etc. are not docker ready yet.)
Deployed on https://world.openfoodfacts.dev and https://world.pro.openfoodfacts.dev with a few minor changes to add the off:off authentication and change .org to .dev also removed the const { off } = require("gulp") line |
For some reason, I don't get the access-control-allow-origin: * header for v3 API queries, but I do get it for v2. (same in prod in fact)
|
Are you sure you have the right code ? (it's not just a nginx config) For you should not only have "access-control-allow-origin: *" but also the "Access-Control-Allow-Methods" header. |
Kudos, SonarCloud Quality Gate passed! |
I redeployed and tested again, all good! |
centralize cors headers handling in perl code
add Access-Control-Allow-Methods correctly
add tests
cleaned nginx prod configurations
make docker nginx more close to production configuration
should fix: