nginx cors proxy
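# CORS proxy: a request for /http://HOST/PATH (or /https://HOST/PATH) is
# fetched from HOST and relayed with "Access-Control-Allow-Origin: *".
#
# NOTE(review): HOST is taken directly from the request URI, so this server
# is an open forward proxy. Anything the nginx host can reach on the network
# is reachable through it unless the target is filtered here and at the
# network layer (egress firewall rules for the nginx worker).
server {
    listen 80;
    server_name cors.tjvr.org;

    root /usr/share/nginx/html;
    index index.html;

    client_max_body_size 1m;
    client_body_buffer_size 64k;

    # NOTE(review): on a build with debug logging compiled in, "debug" level
    # records per-request header detail, which can include Authorization
    # values sent by clients. Lower the level once troubleshooting is done.
    error_log /var/log/nginx/error-d.log debug;

    # Every preflight is answered locally and never forwarded upstream.
    if ($request_method ~ ^OPTIONS$) {
        rewrite ^.*$ /__OPTIONS last;
    }

    # Refuse targets written as "localhost", as an IPv6 literal, or as a
    # loopback / private / link-local IPv4 literal. Regex locations are tried
    # in file order, so this must stay above the proxy location.
    # This is a coarse filter: a public hostname whose DNS record points at an
    # internal address is not caught here, so keep network-level egress
    # filtering in place as well.
    location ~* "^/https?:/+(localhost|\[[^/]*|(0|10|127)\.[0-9.]+|169\.254\.[0-9.]+|192\.168\.[0-9.]+|172\.(1[6-9]|2[0-9]|3[01])\.[0-9.]+)\.?(:[0-9]*)?(/|$)" {
        return 403;
    }

    # $1 is "s" or empty (scheme), $2 is "HOST/PATH". The pattern has a single
    # slash after the colon because nginx merges "//" in the URI by default.
    location ~* ^/http(s?)\:\/(.*)$ {
        # use filtered(?) OpenDNS
        resolver 208.67.222.123;
        # I think bad domains will get 403 ?
        # NOTE(review): DNS filtering only applies to names; it does nothing
        # for targets given as IP literals.

        # CORS :-)
        add_header Access-Control-Allow-Origin *;

        # Disable casual browsing: requests without an Origin header
        # (e.g. a URL typed into the address bar) are rejected.
        # The header is client-supplied, so this is not an access control.
        if ($http_origin = "") {
            return 412;
        }

        # TODO redirect if CORS is already present

        # Appends the connecting address to whatever X-Forwarded-For the
        # client sent; the leading entries are therefore client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Never forward the client's cookies to the target.
        proxy_set_header Cookie '';

        proxy_pass http$1://$2;
        proxy_redirect off;

        # optimise downloads
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
        proxy_max_temp_file_size 0; # don't buffer responses to disk
        proxy_buffering off;

        # TODO limit download size

        # don't forward weird headers
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Set-Cookie;
        # NOTE(review): the next two strip browser protections set by the
        # target, so relayed pages can be framed by any site.
        proxy_hide_header X-Frame-Options; # controversial!!
        proxy_hide_header X-XSS-Protection;

        # if ($sent_http_content_length ~ "[0-9]{7}") {
        #     return 403;
        # }
    }

    # Local answer for CORS preflights (reached via the rewrite above).
    location = /__OPTIONS {
        if ($request_method != OPTIONS ) {
            return 405;
        }
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, PUT, DELETE";
        # Echoes back whatever request headers the caller asked to send.
        add_header Access-Control-Allow-Headers $http_access_control_request_headers;
        # Access-Control-Allow-Credentials is deliberately not sent: browsers
        # reject it in combination with a wildcard origin, and this proxy
        # drops Cookie / Set-Cookie in both directions anyway.
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
    }

    location = /index.html {
        expires 1d;
        access_log off;
        add_header Cache-Control "public";
    }

    location = /favicon.ico {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }
}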
Very, Very nice!!!! you are the BEST ! :)