NGINX + CORS addition

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • dimyy
    Active Community Member
    • Jun 2018
    • 569

    NGINX + CORS addition

    If you planing use direct ESPO calls from other web pages you can add this to avoid CORS block:

    Code:
    location / {
    if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    #
    # Custom headers and headers various browsers *should* be OK with but aren't
    #
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    #
    # Tell client that this pre-flight info is valid for 20 days
    #
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain; charset=utf-8';
    add_header 'Content-Length' 0;
    return 204;
    }
    try_files $uri $uri/ /index.php?$query_string;
    }
    By default ESPO reject OPTIONS requests.
  • esforim
    Active Community Member
    • Jan 2020
    • 2204

    #2
    Thank you dimyy, where do I add these? It doesn't look like it belong to the htaccess file.

    I'm currently playing with an low-code app builder call Appgyver and when I was testing API ping I'm getting a CORS error (I think), work fine for other JSON/database without authentication.

    Comment

  • yuri
    Member
    • Mar 2014
    • 8440

    #3
    Middleware class: Espo\Tools\Api\Cors\Middleware. Can be added to the global list or to specific routes or controllers. If added to the global list, you also need to add routes. Routes example: [ {...
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    Working...