CORS block only localhost request - express

I have a problem with my server developed in EXPRESS and hosted on NGINX.
I use passport.js for user authentication, although I don't think that is the problem. When I try to log in from localhost I get an error, whereas when I upload the app to my domain the login works correctly, so I think it's a CORS problem blocking localhost requests.
NGINX default
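# Reverse proxy for the Express API with an origin allowlist for CORS.
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name api.mysite.com www.api.mysite.com;

    location / {
        proxy_pass https://localhost:3007; #whatever port your app runs on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # Start from an empty flag so the "${cors}..." concatenations below never
        # read an uninitialised variable when no origin matches.
        set $cors "";

        # Origin allowlist. The matched Origin is echoed back together with
        # Access-Control-Allow-Credentials: true, so every pattern is anchored at
        # both ends and literal dots are escaped. Without the trailing "$" a host
        # that merely starts with an allowed name would pass the check and be
        # trusted with the user's cookies.
        if ($http_origin ~* (^https?://([^/]+\.)*(mysite)\.com$)) {
            set $cors "true";
        }
        if ($http_origin ~* (^https?://([^/]+\.)*localhost:3006$)) {
            set $cors "true";
        }
        if ($http_origin ~* (^https?://192\.168\.1\.21:3006$)) {
            set $cors "true";
        }

        # Nginx doesn't support nested If statements. This is where things get slightly nasty.
        # Determine the HTTP request method used
        if ($request_method = 'OPTIONS') {
            set $cors "${cors}options";
        }
        if ($request_method = 'GET') {
            set $cors "${cors}get";
        }
        if ($request_method = 'POST') {
            set $cors "${cors}post";
        }

        if ($cors = "true") {
            # Catch all incase there's a request method we're not dealing with properly
            add_header 'Access-Control-Allow-Origin' "$http_origin";
        }
        if ($cors = "trueget") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        if ($cors = "trueoptions") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            # Allow cookies on the cross-origin request
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            # Custom headers and headers various browsers *should* be OK with but aren't
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            # Tell client that this pre-flight info is valid for 20 days
            add_header 'Access-Control-Max-Age' 1728000;
            # The media type and its charset parameter are separated by ';'
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($cors = "truepost") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        # NOTE(review): the response now differs per Origin; if anything caches
        # these responses, a "Vary: Origin" header is needed as well.
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}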
serverDev.js
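// Session middleware (express-session) and the HTTPS server that wraps the app.
const sessionParser = session({
    saveUninitialized: false,
    // NOTE(review): 'secret' is a placeholder. The value signs the session-id
    // cookie, so a deployment needs a long random value loaded from
    // configuration rather than a literal in the source.
    secret: 'secret',
    resave: false,
    cookie: {
        // 12 hours, in milliseconds. express-session documents maxAge as the way
        // to set the lifetime; `expires` is meant to hold a Date, not a number.
        maxAge: 43200000,
        // secure: false allows the session cookie over plain HTTP. The server
        // below is HTTPS, so this can be true once every client uses https://.
        secure: false
    }
})

// TLS key material is read synchronously once, at start-up.
var privateKey = fs.readFileSync('ssl-cert/privkey.pem', 'utf8');
var certificate = fs.readFileSync('ssl-cert/fullchain.pem', 'utf8');
var credentials = { key: privateKey, cert: certificate };
var httpsServer = https.createServer(credentials,app);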
routes.js
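// POST /Login: authenticate with the 'local-login' strategy, then apply the
// "remember me" cookie lifetime and send the user to the profile page.
app.post('/Login', passport.authenticate('local-login', {
    // successRedirect is deliberately not set: with that option passport ends
    // the request itself on success and the handler below never runs, which
    // left the "remember me" logic unreachable.
    failureRedirect : '/Login',
    failureFlash : false
}),
function(req, res) {
    if (req.body.remember) {
        // Persistent cookie: 1000 ms * 60 * 3 = three minutes.
        req.session.cookie.maxAge = 1000 * 60 * 3;
    } else {
        // No expiry date: the cookie lasts for the browser session only.
        req.session.cookie.expires = false;
    }
    // Same destination the former successRedirect used.
    res.redirect('/Profile');
});

// The profile page is only reachable through the isLoggedIn guard.
app.get('/Profile', isLoggedIn, todoList.profile);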
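/**
 * Route guard: lets the request continue only for an authenticated session.
 *
 * @param {object} req  request; passport adds isAuthenticated() to it
 * @param {object} res  response, used to redirect anonymous users
 * @param {Function} next  continues to the protected handler
 */
function isLoggedIn(req, res, next) {
    // THIS IS THE PROBLEM: on localhost this always logs false
    // (the author's marker, moved into a comment so the snippet parses).
    console.log("isLoggedIn",req.isAuthenticated())
    if (req.isAuthenticated())
        return next();
    // Not authenticated: send the user back to the login page.
    res.redirect('/Login');
}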
passport.js
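// Only the user's id is written into the session.
passport.serializeUser(function(user, done) {
    done(null, user.id);
});

// Rebuild the user object from the id stored in the session.
passport.deserializeUser(function(id, done) {
    connection.query("use `Users`");
    // The id is bound through the ? placeholder, not concatenated into the SQL.
    // NOTE(review): SELECT * puts every column of the row on the user object,
    // presumably including the password hash - consider listing the columns.
    connection.query("SELECT * FROM Accounts WHERE id = ? ",[id], function(err, rows){
        if (err){
            return done(err);
        }
        // No matching row (for example a deleted account): report `false` so
        // passport treats the session as logged out instead of failing on an
        // undefined user.
        var user = rows[0] || false;
        done(null, user);
    });
});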

If anyone else had this problem I solved it by configuring the 'express-session' in this way
var session = require('express-session');

// Session middleware whose cookie may be sent on cross-site requests.
const sessionParser = session({
    cookie: {
        maxAge: 1000 * 60 * 60 * 12, // milliseconds * seconds * minutes * hours
        // 'none' lets the browser attach the cookie to cross-site requests,
        // which is what a front end on another origin needs. It also removes
        // the SameSite protection against cross-site request forgery, so
        // state-changing routes need their own CSRF defence.
        sameSite: 'none',
        // Browsers only accept SameSite=None cookies that are also Secure.
        secure: true,
        // Not readable from page scripts.
        httpOnly: true
    },
    saveUninitialized: true,
    resave: false,
    // Placeholder: use a long random value kept outside the source tree.
    secret: 'your-secret'
})

Related

It is not clear how the CORS policy works for NGINX and ASP.NET Core

Good day. On an Ubuntu 20.04 server, nginx is installed and a daemonized asp.net core web api project is running (serves as a back-end). On the back-end, I enabled the CORS policy and allowed full access to the server, that is, all requests from all origins must go through. However, the requests fail, referring to the CORS policy. Is it possible that the cloud network does not pass? Please tell me what's the matter.
My Program.cs:
`
// Program.cs: registers services, JWT bearer authentication and a named CORS
// policy, then builds the HTTP request pipeline.
var builder = WebApplication.CreateBuilder(args);
string connection = builder.Configuration.GetConnectionString("DatabaseConnection");
// Add services to the container.
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddScoped<IUserService, UserService>();
builder.Services.AddDbContext<DatabaseContext>(options => options.UseSqlServer(connection));
builder.Services.AddHttpContextAccessor();
// Swagger: describes the bearer token as an API key carried in the Authorization header.
builder.Services.AddSwaggerGen(options =>
{
options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Description = "Standard Authorization header using the Bearer scheme (\"bearer {token}\")",
In = ParameterLocation.Header,
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
options.OperationFilter<SecurityRequirementsOperationFilter>();
});
// JWT bearer authentication with a symmetric signing key.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
// The key is the UTF-8 bytes of the "AppSettings:Token" configuration value.
// NOTE(review): presumably the value is always present; a missing setting
// would make .Value null here - confirm.
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8
.GetBytes(builder.Configuration.GetSection("AppSettings:Token").Value)),
// Issuer and audience are not checked, so any token signed with this key
// is accepted whatever its iss/aud claims say.
ValidateIssuer = false,
ValidateAudience = false
};
});
// Named CORS policy: an explicit origin list (all http://), any method, any header.
builder.Services.AddCors(options => options.AddPolicy(name: "NgOrigins",
policy =>
{
policy.WithOrigins("http://[website adress what i need]", "http://localhost:8080", "http://[website ip adress]", "http://[website ip adress]:7000").AllowAnyMethod().AllowAnyHeader();
}));
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
// Middleware order as written: CORS, HTTPS redirection, authentication, authorization.
// NOTE(review): the nginx configuration shown with this question also adds
// Access-Control-* headers; if both layers emit them the response carries
// duplicates, which browsers reject - keep CORS in one layer only.
app.UseCors("NgOrigins");
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
`
My current config for back-end:
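# Reverse proxy in front of the ASP.NET Core API on localhost:5000.
server {
    listen 81;
    server_name [server domain name];

    location / {
        # The Access-Control-Allow-Headers values were cut off in the pasted
        # listing ("Cont>"); they are restored here from the untruncated copy of
        # the same directives shown further down in this question.
        #
        # '*' lets any website read these responses. That is compatible only
        # with requests that carry no cookies or other browser credentials.
        # NOTE(review): the API authenticates with a bearer token in the
        # Authorization header, and Authorization is not in the allowed-headers
        # list below - presumably the preflight for such a request is refused;
        # confirm against the browser's error message.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }

        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        # Pass the client address and original scheme on to the application.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}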
I tried adding special add-ons to /etc/nginx/sites-enabled/default and /etc/nginx/sites-available/default after location (default in this case is the back-end configuration of the project):
`
# Per-method CORS headers. Every branch answers with a wildcard origin, so any
# website may read the responses; the preflight branch replies directly with 204.

# Preflight
if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin '*';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Max-Age 1728000;   # seconds (20 days)
    add_header Content-Type 'text/plain; charset=utf-8';
    add_header Content-Length 0;
    return 204;
}

# Actual requests
if ($request_method = POST) {
    add_header Access-Control-Allow-Origin '*';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Expose-Headers 'Content-Length,Content-Range';
}
if ($request_method = GET) {
    add_header Access-Control-Allow-Origin '*';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Expose-Headers 'Content-Length,Content-Range';
}
`

404 after refreshing page vue/nginx

I looked for this error and just found solutions using history mode in vue and redirects in nginx location block. I did this like:
nginx:
# Plain-HTTP listener: every request is answered with a 302 to the HTTPS site.
server {
    server_name tests.test;
    listen 80 default_server;
    listen [::]:80 default_server;

    return 302 https://$server_name$request_uri;
}
# HTTPS server that serves the built Vue client from disk.
server{
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# CORS headers added at server level.
# NOTE(review): a wildcard origin and Allow-Credentials 'true' do not work
# together - browsers refuse a credentialed cross-origin response whose
# Access-Control-Allow-Origin is '*'. If credentials are needed, answer with
# one specific, allow-listed origin instead.
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
root /var/www/client/pvapp-client/dist;
index index.html index.htm;
# History-mode fallback: try the file, then the directory, then index.html.
try_files $uri $uri/ /index.html;
...
And in my vue router:
Vue.use(Router)

// History-mode router: three named pages, and every other path goes back to '/'.
const router = new Router({
  routes: [
    { path: '/', name: 'home', component: Home },
    { path: '/app', name: 'app', component: Application },
    { path: '/settings', name: 'settings', component: Settings },
    // otherwise redirect to home
    { path: '*', redirect: '/' }
  ],
  mode: 'history'
})
And I still get the error from the server trying to serve a non existing route.
The vue error log is also warning:
"/var/www/client/pvapp-client/dist/app" failed (2: No such file or
directory)
Okay, I got it. Somehow the GET part of this setting caused the problem; I don't know why, though. I just commented it out and everything worked fine:
# Per-method CORS headers with a wildcard origin; the GET branch is disabled.

# Preflight: answered directly with 204.
if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin '*';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    # Custom headers and headers various browsers *should* be OK with but aren't
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Max-Age 1728000;
    add_header Content-Type 'text/plain; charset=utf-8';
    add_header Content-Length 0;
    return 204;
}

if ($request_method = POST) {
    add_header Access-Control-Allow-Origin '*';
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    add_header Access-Control-Expose-Headers 'Content-Length,Content-Range';
}

# Disabled GET branch, kept for reference:
#if ($request_method = 'GET') {
#    add_header 'Access-Control-Allow-Origin' '*';
#    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
#}

Nginx upstream to express server - 502 error

Heyo, I have a nginx server on digital ocean. I used to host on AWS with PM2 but tweaked this to run it with nginx.
The problem is that it seems I get a 502. Something just isn't configured right. Originally I had the client just being served and that worked but when i switched to the server doing it 502's as well.
The client and server folders are in the same parent directory.
Here is my current var/nginx/sites-available/default
# Main Content Delivery Block (SSL)
# TLS front end for quakeviz.app that proxies every request to port 8080.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name quakeviz.app;
# NOTE(review): `ssl on;` is a deprecated directive and is redundant next to
# `listen ... ssl`; newer nginx releases no longer accept it.
ssl on;
ssl_certificate /etc/ssl/certs/mpaccione_ssl.crt;
ssl_certificate_key /etc/ssl/private/mpaccione_ssl.key;
# NOTE(review): TLS 1.0 and 1.1 are enabled here; both are formally deprecated
# (RFC 8996). TLS 1.2 and later is the usual baseline.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
add_header Content-Security-Policy upgrade-insecure-requests;
location / {
# `root` has no effect on requests that are handed to proxy_pass.
root /var/www/html/usgs_viz/server;
# nginx opens a TLS connection to port 8080 because of the https:// scheme.
# NOTE(review): the index.js shown with this question starts the app with
# app.listen(8080), i.e. without TLS - presumably that mismatch is behind
# the 502; confirm in the nginx error log.
proxy_pass https://quakeviz.app:8080/;
proxy_ssl_session_reuse on;
#try_files $uri $uri/ /;
}
#location /bufferLength {
# root /var/www/html/usgs_viz/server;
# proxy_pass https://quakeviz.app:8080/;
# proxy_ssl_session_reuse on;
#}
#location /quakeData {
# root /var/www/html/usgs_viz/server;
# proxy_pass https://quakeviz.app:8080/;
# proxy_ssl_session_reuse on;
#}
}
# Redirect
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# listen 443 ssl;
# listen [::]:443 ssl;
#
# return 301 https://quakeviz.app$request_uri;
#}
Here is the index.js in the server folder. I get a 502 now (updated question) on the client and the api.
// Modules
const cors = require('cors')
const express = require('express')
const expressStaticGzip = require('express-static-gzip')
const fs = require('fs')
const path = require('path')

const app = express()

// Globals
// Names of the immediate sub-directories of `source`, read synchronously.
const getDirectories = (source) =>
  fs
    .readdirSync(source, { withFileTypes: true })
    .filter((entry) => entry.isDirectory())
    .map((entry) => entry.name)
// CORS for Local Testing
// NOTE(review): cors() with no options allows every origin and is registered
// unconditionally, not only for local testing - restrict it for production.
app.use(cors())

// Compression: serve pre-compressed client assets, Brotli preferred over gzip.
const clientBuildDir = path.join(__dirname, '../client/build')
app.use(
  '/',
  expressStaticGzip(clientBuildDir, {
    enableBrotli: true,
    orderPreference: ['br', 'gz'],
  })
)

// Routes: each one sends a single fixed file; no request data reaches a path.
app.get('/', (req, res) => {
  res.sendFile(path.join(__dirname, '../client/build', 'index.html'))
})
app.get('/.well-known(/*)?', (req, res) => {
  res.sendFile(path.join(__dirname, '../.well-known', 'assetlinks.json'))
})
app.get('/privacy-policy', (req, res) => {
  res.sendFile(path.join(__dirname, '../privacy_policy.html'))
})
// API
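// GET /bufferLength: return byteLength.json of the second-newest dataset.
app.get('/bufferLength', function (req, res) {
  const compressedRoot = path.join(__dirname, '/api-data/compressed/')
  // Descending numeric sort, so index 1 is the second-newest directory
  // (directory names are presumably numeric timestamps).
  const compArr = getDirectories(compressedRoot).sort(function sortNum(a, b) {
    return b - a
  })

  if (compArr.length < 2) {
    console.warn('ByteLength Not Available')
    // An Error object passed to res.send() is serialised as "{}"; send a small
    // JSON body so the client receives the message.
    res.status(500).json({ error: 'ByteLength Not Available' })
    return
  }

  console.log('BUFFER LENGTH RES')
  fs.readFile(
    path.join(compressedRoot, compArr[1], 'byteLength.json'),
    (err, data) => {
      if (err) {
        // Full details stay in the server log; the client gets a generic message.
        console.warn(err)
        res.status(500).json({ error: 'ByteLength Read Error' })
      } else {
        console.log(data)
        res.writeHead(200, { 'Content-Type': 'application/json' })
        res.end(data)
      }
    }
  )
})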
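// GET /quakeData/:index: return one pre-compressed chunk of the second-newest
// dataset, as Brotli or gzip depending on the request's Accept-Encoding.
app.get('/quakeData/:index', function (req, res) {
  // A request without Accept-Encoding must end in the 415 branch below rather
  // than throw on undefined.
  const encoding = req.headers['accept-encoding'] || ''
  const index = req.params.index

  // The index becomes part of a file name. Accept only plain name characters so
  // a decoded "../" in the parameter cannot point the read outside the dataset
  // directory.
  if (!/^[A-Za-z0-9_-]+$/.test(index)) {
    res.status(400).json({ error: 'Invalid Dataset Index' })
    return
  }

  const compressedRoot = path.join(__dirname, '/api-data/compressed/')
  // Descending numeric sort, so index 1 is the second-newest directory, as on
  // /bufferLength (directory names are presumably numeric timestamps).
  const compArr = getDirectories(compressedRoot).sort(function sortNum(a, b) {
    return b - a
  })

  // Send Second Newest Dataset as Latest May Have Read/Writes
  if (compArr.length <= 1) {
    console.warn('Dataset Not Currently Available')
    res.status(500).json({ error: 'Dataset Not Currently Available' })
    return
  }

  // Read one file of the chosen dataset and send it with the given encoding.
  const sendChunk = (fileName, contentEncoding, readErrorMessage) => {
    fs.readFile(path.join(compressedRoot, compArr[1], fileName), (err, data) => {
      if (err) {
        console.warn(err)
        // An Error object passed to res.send() is serialised as "{}".
        res.status(500).json({ error: readErrorMessage })
      } else {
        res.writeHead(200, {
          'Content-Type': 'application/json',
          'Content-Encoding': contentEncoding,
        })
        res.end(data)
      }
    })
  }

  if (encoding.includes('br')) {
    console.log('BROTLI RES')
    sendChunk(`brotliData${index}.txt.br`, 'br', 'Brotli Compression Data Read Error')
  } else if (encoding.includes('gzip')) {
    console.log('GZIP RES')
    sendChunk(`gzipData${index}.txt.gz`, 'gzip', 'Gzip Compression Data Read Error')
  } else {
    console.warn('Unsupported Content Encoding Headers')
    res.status(415).json({ error: 'Unsupported Requested Encoding Type' })
  }
})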
// Listen
// app.listen starts a plain-HTTP server (no TLS) on port 8080.
app.listen(8080, function () {
  console.log('API listening on 8080')
})
I didn't understand why you are trying to proxy each route of your service; why don't you let your app route the requests for you?
Example:
# One catch-all location: every path is handed to the application, which does
# its own routing.
location / {
    root /var/www/html/usgs_viz/server;
    proxy_ssl_session_reuse on;
    proxy_pass https://quakeviz.app:8080/;
}
The other thing I noticed was the https in the proxy_pass. I don't think that will work; try replacing it with http.
I changed things to this. I also ran the server with PM2.
I am starting to get more into the fullstack sysadmin bit and so I didn't actually know I needed to run this on PM2 as well as route it with Nginx. I had the notion that Nginx would run it if I pointed to it. Kind of a silly thing but I do think the nginx config here is better. See below.
# Main Content Delivery Block (SSL)
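# TLS front end for quakeviz.app; requests go to the Node app on localhost:8080.
server {
    listen 443 ssl;
    server_name quakeviz.app;

    # `ssl on;` removed: it is a deprecated directive and `listen 443 ssl`
    # already enables TLS for this server.
    ssl_certificate /etc/ssl/certs/mpaccione_ssl.crt;
    ssl_certificate_key /etc/ssl/private/mpaccione_ssl.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add
    # TLSv1.3 as well where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    add_header Content-Security-Policy upgrade-insecure-requests;

    location / {
        # `root` has no effect on requests that are handed to proxy_pass.
        root /var/www/html/usgs_viz/server;
        # Plain HTTP over loopback to the local application.
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}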

allow cors on subdomain with reverse proxy in nginx

As per the MS doc, I need to set up a reverse proxy for my web api. The below is the nginx config with cors & reverse proxy settings:
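# Reverse proxy for the web API with an origin allowlist for CORS.
server {
    listen 80;
    listen [::]:80;
    server_name api.ZZZ.com;
    set $cors '';

    location / {
        # The matched Origin is echoed back together with Allow-Credentials:
        # true, so the pattern is anchored at the end as well (optional port,
        # then "$"). Unanchored, any host that merely starts with an allowed
        # name would be accepted and trusted with the user's credentials.
        if ($http_origin ~ '^https?://(localhost|www\.ZZZ\.com|ZZZ\.com)(:[0-9]+)?$') {
            set $cors 'true';
        }
        if ($cors = 'true') {
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,Width,X-Requested-With' always;
            # required to be able to read Authorization header in frontend
            add_header 'Access-Control-Expose-Headers' 'Authorization' always;
        }
        # NOTE(review): add_header directives of one `if` block are not combined
        # with those of another. A preflight is answered from the block below,
        # which sets no Access-Control-Allow-Origin - presumably the cause of
        # the "No 'Access-Control-Allow-Origin' header" error; confirm by
        # inspecting the OPTIONS response.
        if ($request_method = 'OPTIONS') {
            # Tell client that this pre-flight info is valid for 20 days
            add_header 'Access-Control-Max-Age' 1728000;
            # The media type and its charset parameter are separated by ';'
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}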
I also have the following in my startup.cs:
// Register a named CORS policy: two explicit http:// origins, any method, any header.
services.AddCors(options =>
    options.AddPolicy(corsName, policy =>
        policy.WithOrigins("http://www.ZZZ.com", "http://ZZZ.com")
              .AllowAnyMethod()
              .AllowAnyHeader()));
and later:
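// The middleware extension method is UseCors; "userCors" does not exist.
app.UseCors(corsName);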
But I am still getting the below CORS error:
Access to XMLHttpRequest at 'http://api.ZZZ.com/YYY' from origin 'http://www.ZZZ.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Please help!
Can you try with SetIsOriginAllowedToAllowWildcardSubdomains configuration and adding wildcard subdomain? like this.
In the ConfigureServices method.
// CORS policy that trusts example.com and every sub-domain of it.
// NOTE(review): combined with AllowCredentials(), any host under example.com
// may make credentialed calls to this API; list the exact origins instead if
// not every sub-domain is under your control.
services.AddCors(options =>
{
    options.AddPolicy("CorsPolicy", policy =>
    {
        policy.SetIsOriginAllowedToAllowWildcardSubdomains()
              .WithOrigins("https://*.example.com","https://example.com")
              .AllowAnyMethod()
              .AllowCredentials()
              .AllowAnyHeader()
              .Build();
    });
});
And in the Configure method
// Apply the "CorsPolicy" policy registered in ConfigureServices to the request pipeline.
app.UseCors("CorsPolicy");

Nginx proxy pass 404 error - CORS

I have configured a proxy_pass for an JAVA web service to enable cross origin. I can send a post request using the web service URL http://10.1.200.156:8080/ClientService/passwordReset/, but http://10.1.200.156/ClientService/passwordReset/ gives a 404 error. And client application gives, Response for preflight is invalid (redirect).
After searching the web I added proxy_set_header Host $http_host; to the Nginx configuration, but still no luck. Below, the Nginx configuration. Please help.
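http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        server_name euca-172-16-10-214.eucalyptus.internal;

        # Proxy for the password-reset web service, with CORS headers per method.
        location /ClientService/passwordReset/ {
            proxy_pass http://10.1.200.156:8080/ClientService/passwordReset/;

            # NOTE(review): '*' lets any website call this password-reset
            # endpoint from a browser; prefer the client application's own
            # origin. Access-Control-Allow-Credentials was removed from the
            # POST and GET branches because browsers reject a credentialed
            # response whose allowed origin is the wildcard, so it had no
            # effect.
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                add_header 'Access-Control-Max-Age' 1728000;
                # The media type and its charset parameter are separated by ';'
                add_header 'Content-Type' 'text/plain; charset=UTF-8';
                #add_header 'Content-Length' 0;
                return 204;
            }
            if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            }
            if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            }
        }
    }
}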
You shouldn't include the URI when you're proxying. Try the following:
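# No URI part after host:port, so nginx forwards the original request URI
# unchanged. (Invisible zero-width characters that sat between ':' and the port
# in the pasted line have been removed.)
proxy_pass http://10.1.200.156:8080;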