From a67ca7b298c870ba9e123d479e94523b03ac5ca8 Mon Sep 17 00:00:00 2001
From: Daoud Clarke <daoud.clarke@gmail.com>
Date: Sun, 19 Jun 2022 11:16:03 +0100
Subject: [PATCH] Enable CORS in nginx

---
 Dockerfile       |  2 ++
 nginx.conf.sigil | 77 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 nginx.conf.sigil

diff --git a/Dockerfile b/Dockerfile
index c04d64d..094b6ab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,6 +33,8 @@ FROM base as final
 # Copy only the required /venv directory from the builder image that contains mwmbl and its dependencies
 COPY --from=builder /venv /venv
 
+ADD nginx.conf.sigil /app
+
 # Set up a volume where the data will live
 VOLUME ["/data"]
 
diff --git a/nginx.conf.sigil b/nginx.conf.sigil
new file mode 100644
index 0000000..0ee67fb
--- /dev/null
+++ b/nginx.conf.sigil
@@ -0,0 +1,77 @@
+## This is/was the template from /root/dokku/plugins/nginx-vhosts/templates/nginx.ssl.conf
+## See the CORS section added below
+server {
+  listen      [::]:80;
+  listen      80;
+  server_name $NOSSL_SERVER_NAME;
+  return 301 https://$SSL_SERVER_NAME\$request_uri;
+}
+
+server {
+  listen      [::]:443 ssl spdy;
+  listen      443 ssl spdy;
+  server_name $SSL_SERVER_NAME;
+$SSL_DIRECTIVES
+
+  keepalive_timeout   70;
+  add_header          Alternate-Protocol  443:npn-spdy/2;
+  location    / {
+
+## Start CORS here.  See http://enable-cors.org/server_nginx.html for comments
+
+    if (\$http_origin ~* (^https?://.*\.$VHOST$)) {
+        set \$cors corson;
+    }
+    if (\$http_origin ~* (^http://(localhost|127.0.0.1)(:[0-9]+)?$)) {
+        set \$cors corson;
+    }
+
+    if (\$request_method = OPTIONS) {
+        set \$cors '\${cors}options';
+    }
+
+    if (\$request_method = GET) {
+        set \$cors '\${cors}get';
+    }
+    if (\$request_method = POST) {
+        set \$cors '\${cors}post';
+    }
+
+    if (\$cors = corsonget) {
+        add_header Access-Control-Allow-Origin \$http_origin;
+        add_header Access-Control-Allow-Credentials true;
+    }
+
+    if (\$cors = corsonpost) {
+        add_header Access-Control-Allow-Origin \$http_origin;
+        add_header Access-Control-Allow-Credentials true;
+    }
+
+    if (\$cors = corsonoptions) {
+        add_header Access-Control-Allow-Origin \$http_origin;
+        add_header Access-Control-Allow-Credentials true;
+
+        add_header Access-Control-Max-Age 1728000;
+
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
+
+        add_header Access-Control-Allow-Headers 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+
+        add_header Content-Length 0;
+        add_header Content-Type 'text/plain charset=UTF-8';
+        return 204;
+    }
+### End CORS
+
+    proxy_pass  http://$APP;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade \$http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-Forwarded-Proto \$scheme;
+    proxy_set_header X-Forwarded-For \$remote_addr;
+    proxy_set_header X-Forwarded-Port \$server_port;
+    proxy_set_header X-Request-Start \$msec;
+  }
+  include $DOKKU_ROOT/$APP/nginx.conf.d/*.conf;
+}