Skip to content

Commit

Permalink
feature: add CORS_ALLOW_PRIVATE_NETWORK_ACCESS env var
Browse files Browse the repository at this point in the history
  • Loading branch information
danielcompton committed Oct 16, 2023
1 parent 2134898 commit 768031b
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
13 changes: 13 additions & 0 deletions common/etc/nginx/templates/gateway/cors.conf.template
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
set $request_cors "${request_method}_${CORS_ENABLED}";
set $cors_private_network "${CORS_ALLOW_PRIVATE_NETWORK_ACCESS};

if ($request_cors = "OPTIONS_1") {
add_header 'Access-Control-Allow-Origin' '${CORS_ALLOWED_ORIGIN}';
Expand All @@ -11,6 +12,18 @@ if ($request_cors = "OPTIONS_1") {
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
#
# Allow/deny Private Network Access CORS requests.
# https://developer.chrome.com/blog/private-network-access-preflight/
#
if ($http_access_control_request_private_network = "true") {
if ($cors_private_network = "true") {
add_header 'Access-Control-Allow-Private-Network' 'true';
}
if ($cors_private_network = "false") {
add_header 'Access-Control-Allow-Private-Network' 'false';
}
}
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
Expand Down
1 change: 1 addition & 0 deletions docs/getting_started.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ running as a Container or as a Systemd service.
| `HEADER_PREFIXES_TO_STRIP` | No | | | A list of HTTP header prefixes that exclude headers client responses. List should be specified in lower-case and a semicolon (;) should be used to as a deliminator between values. For example: `x-goog-;x-something-` |
| `CORS_ENABLED` | No | `true`, `false` | `false` | Flag that enables CORS headers on GET requests and enables pre-flight OPTIONS requests. If enabled, this will add CORS headers for "fully open" cross domain requests by default, meaning all domains are allowed, similar to the settings show in [this example](https://enable-cors.org/server_nginx.html). CORS settings can be fine-tuned by overwriting the [`cors.conf.template`](/common/etc/nginx/templates/gateway/cors.conf.template) file. |
| `CORS_ALLOWED_ORIGIN` | No | | | value to set to be returned from the CORS `Access-Control-Allow-Origin` header. This value is only used if CORS is enabled. (default: \*) |
| `CORS_ALLOW_PRIVATE_NETWORK_ACCESS` | No | `true`, `false` | | Flag that OPTIONS requests with `Access-Control-Request-Private-Network: true` to respond with `Access-Control-Allow-Private-Network: true`. If "true" This value is only used if CORS is enabled.


If you are using [AWS instance profile credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html),
Expand Down

0 comments on commit 768031b

Please sign in to comment.