Welcome! Log In Create A New Profile

Advanced

Header problem after upgrade from 1.6 to 1.10

Posted by Seb 
Seb
Header problem after upgrade from 1.6 to 1.10
July 31, 2018 07:31AM
Hi !

I used to run nginx v1.6 with this configuration :

location / {
alias /some/path/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header uuid $uuid;
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,access_token,__setXHR_';
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,access_token,__setXHR_';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}

Since my upgrade to nginx v1.10.x, "more_set_headers" isn't working anymore, and I've changed it by add_header 'blablabla' always;

It now looks like this :

location / {
alias /some/path/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header uuid $uuid;
add_header 'Access-Control-Allow-Origin: $http_origin' always;
add_header 'Access-Control-Allow-Credentials: true' always;
add_header 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,access_token,__setXHR_' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin: $http_origin' always;
add_header 'Access-Control-Allow-Credentials: true' always;
add_header 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,access_token,__setXHR_' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}

However, when I now go on the website, I have this error :

"Failed to load https://mywebsite/auth/login: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '$http_origin: always', but only one is allowed. Origin 'https://mywebsite' is therefore not allowed access."

What should I change to make it work ? I'm a bit stuck there.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 75
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready