Skip to content

Commit

Permalink
Streamline cors headers
Browse files Browse the repository at this point in the history
  • Loading branch information
cytopia committed Dec 31, 2022
1 parent 98cdbd3 commit e313907
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 13 deletions.
4 changes: 2 additions & 2 deletions bin/vhost-gen
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ if os.environ.get("MYPY_CHECK", False):
# --------------------------------------------------------------------------------------------------
APPNAME = "vhost-gen"
APPREPO = "https://github.com/devilbox/vhost-gen"
VERSION = "1.0.9"
RELDATE = "2022-12-27"
VERSION = "1.0.10"
RELDATE = "2022-12-31"

# Default paths
CONFIG_PATH = "/etc/vhost-gen/conf.yml"
Expand Down
9 changes: 6 additions & 3 deletions etc/templates/apache22.yml
Original file line number Diff line number Diff line change
Expand Up @@ -181,13 +181,16 @@ features:
Allow from all
</Location>
# https://stackoverflow.com/a/42558499
# https://fetch.spec.whatwg.org/#forbidden-header-name
xdomain_request: |
# Allow cross domain request from these hosts
SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "0"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
Expand Down
9 changes: 6 additions & 3 deletions etc/templates/apache24.yml
Original file line number Diff line number Diff line change
Expand Up @@ -206,13 +206,16 @@ features:
Require all granted
</Location>
# https://stackoverflow.com/a/42558499
# https://fetch.spec.whatwg.org/#forbidden-header-name
xdomain_request: |
# Allow cross domain request from these hosts
SetEnvIf Origin "__REGEX__" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "0"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
Expand Down
9 changes: 5 additions & 4 deletions etc/templates/nginx.yml
Original file line number Diff line number Diff line change
Expand Up @@ -166,11 +166,12 @@ features:
xdomain_request: |
# Allow cross domain request from these hosts
# https://fetch.spec.whatwg.org/#forbidden-header-name
if ( $http_origin ~* (__REGEX__) ) {
add_header "Access-Control-Allow-Origin" "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header "Access-Control-Allow-Origin" "$http_origin";
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept, Authorization, Content-Security-Policy, Content-Type, Location, Origin, X-Requested-With';
add_header 'Access-Control-Expose-Headers' 'Content-Security-Policy, Location';
add_header 'Access-Control-Max-Age' 0;
return 200;
}
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

setup(
name="vhost-gen",
version="1.0.9",
version="1.0.10",
description="Configurable vHost generator for Apache 2.2, Apache 2.4 and Nginx.",
license="MIT",
long_description=long_description,
Expand Down

0 comments on commit e313907

Please sign in to comment.