GitHub - HanadaLee/ngx_http_cors_module: add the support for cross-origin resource sharing protocol: http://www.w3.org/TR/cors/

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 48 Commits
test		test
util		util
README		README
config		config
ngx_http_cors_module.c		ngx_http_cors_module.c

Repository files navigation

Name
    ngx_http_cors_module - support cross origin resource sharing
    protocol in Nginx

Status
    This module is at its very early phase of development and considered
    highly experimental. But you're encouraged to test it out on your side
    and report any quirks that you experience.

    We need your help! If you find this module useful and/or interesting,
    please consider joining the development!

Synopsis
  a simple example:
    http {

        cors on;
        cors_max_age     3600;
        cors_allow_origins **;
        cors_allow_methods GET HEAD PUT POST;
        cors_allow_headers **;

        server {
            listen       80;
            server_name  localhost;

            location / {
                root   html;
                index  index.html index.htm;
            }
        }
    }

Description
    This module can process the cross-origin resource sharing Javascript
    request with this protocol (<http://www.w3.org/TR/cors/>). This module
    follows the protocol version of 20250113.

Directives
  cors
    syntax: *cors on|off;*

    default: *cors off;*

    context: *http, server, location*

    Enable this module

    syntax: *cors_bypass string ...;*

    default: *-*

    context: *http, server, location*

    Defines conditions under which the response will set the cors headers.

  cors_allow_origins
    syntax: *cors_allow_origins \* | \*\* | origins ...;*

    default: *none*

    context: *http, server, location*

    You can specify a list of origins consisting of zero or more origins
    that are allowed. *unbounded* means any cross origin is allowed. The
    format is like this:

    cors_allow_origins http://www.foo.com http://new.bar.net
    http://example.org;

  cors_allow_methods
    syntax: *cors_allow_methods \* | \*\* | methods ...;*

    default: *none*

    context: *http, server, location*

    You can specify a list of methods consisting of zero or more methods
    that are supported by the resource. *unbounded* means any cross origin
    request method is allowed. The format is like this:

    cors_allow_methods GET POST PUT;

  cors_allow_headers
    syntax: *cors_allow_headers \* | \*\* | headers ...;*

    default: *none*

    context: *http, server, location*

    You can specify a list of headers consisting of zero or more field names
    that are supported by the resource. *unbounded* means any cross origin
    request header is allowed.

  cors_expose_header_list
    syntax: *cors_expose_headers headers;*

    default: *none*

    context: *http, server, location*

    You can specify a list of headers are safe to expose to the API of a
    CORS API specification.

  cors_max_age
    syntax: *cors_max_age time;*

    default: *none*

    context: *http, server, location*

    You can specify the amount of seconds the user agent is allowed to cache
    the result of the request.

  cors_allow_credentials
    syntax: *cors_allow_credentials on|off;*

    default: *cors_allow_credentials off;*

    context: *http, server, location*

    You can specify if the resource supports credentials.

  cors_preflight_status
    syntax: *cors_preflight_status 200 | 204;*

    default: *cors_preflight_status 200;*

    context: *http, server, location*

    You can specify the status code of preflight response. 

Installation
    Download the latest version of the release tarball of this module from
    github (<http://github.com/HanadaLee/ngx_http_cors_module>)

    Grab the nginx source code from nginx.org (<http://nginx.org/>), for
    example, the version 1.27.1 (see nginx compatibility), and then build the
    source with this module:

        $ wget 'http://nginx.org/download/nginx-1.27.1.tar.gz'
        $ tar -xzvf nginx-1.27.1.tar.gz
        $ cd nginx-1.27.1/

        $ ./configure --add-module=/path/to/ngx_http_cors_module

        $ make
        $ make install

Compatibility
    My test bed 1.27.1.

TODO
Known Issues
    Developing

Changelogs
  v0.1
    first release
  
  v1.0
    refactor

Authors
    Weibin Yao(姚伟斌) *yaoweibin AT gmail DOT com*
    Hanada im@hanada.info

License
    This README template is from agentzh (<http://github.com/agentzh>).

    This module is licensed under the BSD license.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are
    met:

    Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
    Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
    IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
    TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.