From 86e7e1c600096101cb0d594b22fffe4dae481ef4 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Tue, 11 Jun 2019 16:32:42 +0300 Subject: [PATCH] More CORS headers settings related to https://github.com/wekan/wekan/pull/2429 Thanks to xet7 ! --- Dockerfile | 2 ++ releases/virtualbox/start-wekan.sh | 4 ++++ start-wekan.bat | 7 +++++++ start-wekan.sh | 4 ++++ 4 files changed, 17 insertions(+) diff --git a/Dockerfile b/Dockerfile index 09df2c081..bef829298 100644 --- a/Dockerfile +++ b/Dockerfile @@ -99,6 +99,8 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LOGOUT_ON_HOURS="" \ LOGOUT_ON_MINUTES="" \ CORS="" \ + CORS_ALLOW_HEADERS="" \ + CORS_EXPOSE_HEADERS="" \ DEFAULT_AUTHENTICATION_METHOD="" # Copy the app to the image diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh index ae320df5a..4d03182c4 100755 --- a/releases/virtualbox/start-wekan.sh +++ b/releases/virtualbox/start-wekan.sh @@ -38,6 +38,10 @@ #--------------------------------------------- # CORS: Set Access-Control-Allow-Origin header. Example: * #export CORS=* + # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #export CORS_ALLOW_HEADERS=Authorization,Content-Type + # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: * + #export CORS_EXPOSE_HEADERS=* #--------------------------------------------- ## Optional: Integration with Matomo https://matomo.org that is installed to your server ## The address of the server where Matomo is hosted: diff --git a/start-wekan.bat b/start-wekan.bat index 3c8da9a38..1c52b8f76 100755 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -31,6 +31,13 @@ REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 +REM # CORS: Set Access-Control-Allow-Origin header. Example: * +REM SET CORS=* +REM # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. +REM SET CORS_ALLOW_HEADERS=Authorization,Content-Type +REM # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: * +REM SET CORS_EXPOSE_HEADERS=* + REM # Optional: Integration with Matomo https://matomo.org that is installed to your server REM # The address of the server where Matomo is hosted. REM # example: - MATOMO_ADDRESS=https://example.com/matomo diff --git a/start-wekan.sh b/start-wekan.sh index a904a179c..8dcdf15f8 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -56,6 +56,10 @@ function wekan_repo_check(){ #--------------------------------------------- # CORS: Set Access-Control-Allow-Origin header. Example: * #export CORS=* + # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #export CORS_ALLOW_HEADERS=Authorization,Content-Type + # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: * + #export CORS_EXPOSE_HEADERS=* #--------------------------------------------- ## Optional: Integration with Matomo https://matomo.org that is installed to your server ## The address of the server where Matomo is hosted: