nginx, upstream, cors fail

Question

Can't grasp why my upstream / CORS config is failing. This is preventing some local dev and testing.

I'm getting a No 'Access-Control-Allow-Origin' header is present on the requested resource when making an API request from local.mysite.com:8081 to events.mysite.com.

Here is my server config from /etc/nginx/sites-available/mysite

# the IP(s) on which your node server is running. I chose port 3000.
upstream mysite {
    server 127.0.0.1:3000;
}

# the nginx server instance
server {
    listen 0.0.0.0:80;
    server_name mysite events.mysite.com;
    access_log /var/log/nginx/mysite.log;

    # pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
    location / {
      proxy_set_header Access-Control-Allow-Origin *;
      # proxy_set_header 'Access-Control-Allow-Credentials' 'true';   # i've tried with and without this setting
      proxy_set_header 'Access-Control-Allow-Headers' 'X-Requested-With,Accept,Content-Type, Origin';
      proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';

      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;

      proxy_pass http://app_mysite/;
      proxy_redirect off;
    }
 }

also, I tried using add_header and not proxy_set_header on the Access-Control-* options, but no dice there either.

I'm running a Node.js app. I have not modified the Node code to handle CORS... is my nginx config wrong, or is it fine but I need to do something else in Node?

score 1 · Answer 1 · answered May 06 '14 at 06:04

1

CORS headers have to be served to browser, not your node application. So you should use add_header directive or, better, set these headers in your application. This should be enough. If you do use withCredentials uncomment appropriate line. If you use something that makes browser to send preflight request, you should properly handle 'OPTIONS' request.

location / {
  add_header Access-Control-Allow-Origin *;
  # add_header Access-Control-Allow-Credentials true;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-NginX-Proxy true;

  proxy_pass http://app_mysite/;
  proxy_redirect off;
}

answered May 06 '14 at 06:04

Alexey Ten

13,794
6
44
54

No dice -- I noted above that I had also tried add_header. I've tried super simple header modifications in my app, but I'm new to Node and must be doing it wrong. Basically I have this: `function start(route, handle) { function onRequest(request, response) { response.header("Access-Control-Allow-Origin", "*"); response.header("Access-Control-Allow-Headers", "X-Requested-With"); ... rest of server.js` – mungojerie May 06 '14 at 12:36
It looks like on localhost I now get a failed OPTIONS call. net::ERR_CONNECTION_REFUSED – mungojerie May 06 '14 at 12:52
How do you request this url? – Alexey Ten May 06 '14 at 13:07
Finally got it -- thank you for responding, and you're right, the change needed to happen in my Node.js code, which still had an issue. In my function that sets the headers, I changed Allow-Headers to this: `response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");` – mungojerie May 07 '14 at 14:52

nginx, upstream, cors fail

1 Answers1

Linked