From 496c02ab00a0920ad63fc845a726e1d65e0fdbf9 Mon Sep 17 00:00:00 2001
From: Robert Goldsmith <r.s.goldsmith@far-blue.co.uk>
Date: Thu, 18 Jun 2015 14:14:31 +0100
Subject: [PATCH] Added in basic CORS support. Could do with something to allow
 customisation of allowed headers though.

---
 nginx.tmpl | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index f674b49..4c65e92 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -31,6 +31,11 @@ proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
 
+proxy_pass_header Access-Control-Allow-Headers;
+proxy_pass_header Access-Control-Allow-Methods;
+proxy_pass_header Access-Control-Allow-Credentials;
+proxy_pass_header Access-Control-Allow-Origin;
+
 server {
 	listen 80;
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.
@@ -117,6 +122,17 @@ server {
 
 	location / {
 		proxy_pass {{ $proto }}://{{ $host }};
+
+		if ({{"$"}}request_method = 'OPTIONS') {
+			add_header Access-Control-Allow-Origin '{{"$"}}http_origin';
+			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';
+			add_header Access-Control-Allow-Credentials 'true';
+			add_header Access-Control-Allow-Headers 'Origin,Content-Type,Accept';
+			add_header Content-Length 0;
+			add_header Content-Type text/plain;
+			return 204;
+		}
+
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";
 		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};
@@ -143,6 +159,17 @@ server {
 
 	location / {
 		proxy_pass {{ $proto }}://{{ $host }};
+
+		if ({{"$"}}request_method = 'OPTIONS') {
+			add_header Access-Control-Allow-Origin '{{"$"}}http_origin';
+			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';
+			add_header Access-Control-Allow-Credentials 'true';
+			add_header Access-Control-Allow-Headers 'Origin,Content-Type,Accept';
+			add_header Content-Length 0;
+			add_header Content-Type text/plain;
+			return 204;
+		}
+
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";
 		auth_basic_user_file	{{ (printf "/etc/nginx/htpasswd/%s" $host) }};