CORS Configuration
CORS (Cross-Origin Resource Sharing) is required in situations where the CUE editor is located in a different domain from other resources to which the CUE editor client will require access. Neither of the recommended configurations described in this chapter require use of CORS. Other possible configurations, however, may require some components to be configured to support CORS.
If, for example, the production configuration described in
A Production Configuration (HTTPS) is modified
by placing an nginx
proxy in front of the
Content Store
web services, then a
/etc/nginx/default-site/cors.conf
file would need to
be included in the proxy server's configuration, with the following
content:
location ~ "/(escenic|studio|webservice|webservice-extensions)/(.*)" { if ($http_origin ~* (https?://[^/]*.mydomain.com(:[0-9]+)?)$) { set $cors "true"; } if ($request_method = 'OPTIONS') { set $cors "${cors}options"; } if ($request_method = 'GET') { set $cors "${cors}get"; } if ($request_method = 'HEAD') { set $cors "${cors}get"; } if ($request_method = 'POST') { set $cors "${cors}post"; } if ($request_method = 'PUT') { set $cors "${cors}post"; } if ($request_method = 'DELETE') { set $cors "${cors}post"; } if ($cors = "trueget") { add_header "Access-Control-Allow-Origin" "$http_origin" always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Expose-Headers" "Link,X-ECE-Active-Connections,Location,ETag,Allow" always; } if ($cors = "truepost") { add_header "Access-Control-Allow-Origin" "$http_origin" always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Expose-Headers" "Link,X-ECE-Active-Connections,Location,ETag" always; } if ($cors = "trueoptions") { add_header 'Access-Control-Allow-Origin' "$http_origin"; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS, PUT, DELETE'; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,If-Match,If-None-Match,X-Escenic-Locks,X-Escenic-media-filename,X-Escenic-home-section-uri'; add_header 'Content-Length' 0; add_header 'Content-Type' 'text/plain charset=UTF-8'; return 204; } }