Announcement

Collapse
No announcement yet.

NGINX + CORS addition

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NGINX + CORS addition

    If you planing use direct ESPO calls from other web pages you can add this to avoid CORS block:

    Code:
    location / {
    if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    #
    # Custom headers and headers various browsers *should* be OK with but aren't
    #
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
    #
    # Tell client that this pre-flight info is valid for 20 days
    #
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain; charset=utf-8';
    add_header 'Content-Length' 0;
    return 204;
    }
    try_files $uri $uri/ /index.php?$query_string;
    }
    By default ESPO reject OPTIONS requests.

  • #2
    Thank you dimyy, where do I add these? It doesn't look like it belong to the htaccess file.

    I'm currently playing with an low-code app builder call Appgyver and when I was testing API ping I'm getting a CORS error (I think), work fine for other JSON/database without authentication.

    Comment


    • yuri
      yuri commented
      Editing a comment
      It's NGINX config. htaccess is apache-only thing.

    • esforim
      esforim commented
      Editing a comment
      Thanks yuri, guess I try to look for solution for Apache.

    • esforim
      esforim commented
      Editing a comment
      Hi guys, manage to find fix this problem for Apache with solution here: https://forum.espocrm.com/forum/gene...3921#post73921

  • #3
    Middleware class: Espo\Tools\Api\Cors\Middleware. Can be added to the global list or to specific routes or controllers. If added to the global list, you also need to add routes. Routes example: [ {...

    Comment

    Working...
    X