Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2018-08-31 23:01:04
Size: 126
Editor: PieterSmit
Comment:
Revision 4 as of 2020-01-21 03:12:58
Size: 681
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
 * Links [[Linux/Curl]]
Line 9: Line 10:
= CORS =
 * Test cors headers with
{{{

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

}}}
 * Nginx set cors using map to check for $http_origin match {{{
map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

}}}

Web security links

CORS

  • Test cors headers with 

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

  • Nginx set cors using map to check for $http_origin match 

    map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

...

Security/Web (last edited 2020-01-21 03:12:58 by PieterSmit)