On Thu, May 28, 2020 at 6:11 PM Francis Daly <[email protected]> wrote:
> On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote: > > Hi there, > > > Access to XMLHttpRequest at ‘ > > > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin > ‘ > > > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS > policy: > > > No ‘Access-Control-Allow-Origin’ header is present on the requested > > > resource. > > In your "drupal" nginx config, if the request is handled in the "php" > location, there is no Access-Control-Allow-Origin header added. > > You might want the "add_header" line there instead. > > Good luck with it, > > f > > Hi Francis I have added *add_header 'Access-Control-Allow-Origin' 'origin-list';* in the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf) #cat /etc/nginx/conf.d/drupalbackend.conf > server { > listen 8080 default_server ssl; > #listen 80 default_server; > #listen [::]:80 default_server; > server_name _; > root /var/www/html/devportal-v2/developer_portal/web; > index index.php index.html index.htm; > ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key > /etc/ssl/privkey1.pem; > if ($scheme = http) { return 301 https://$server_name$request_uri; } > ssl_ciphers > ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; > ssl_prefer_server_ciphers on; > ssl_dhparam /etc/ssl/dhparam.pem; > # HSTS (ngx_http_headers_module is required) (63072000 seconds) > add_header Strict-Transport-Security "max-age=63072000" always; > #OCSP stapling > ssl_stapling on; > ssl_stapling_verify on; > client_max_body_size 100M; > # Load configuration files for the default server block. > include /etc/nginx/default.d/*.conf; > > location / { > index index.php; > *add_header 'Access-Control-Allow-Origin' 'origin-list';* > # This is cool because no php is touched for static content > try_files $uri $uri/ @rewrite; > expires max; > } > location @rewrite { > * add_header 'Access-Control-Allow-Origin' 'origin-list';* > # Some modules enforce no slash (/) at the end of the URL > # Else this rewrite block wouldn't be needed (GlobalRedirect) > rewrite ^/(.*)$ /index.php?q=$1; > } > > ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key > /etc/ssl/privkey1.pem; > location ~ \.php$ { > #try_files $uri =404; > *add_header 'Access-Control-Allow-Origin' 'origin-list';* > fastcgi_split_path_info ^(.+\.php)(/.+)$; > fastcgi_pass unix:/run/php-fpm/www.sock; > fastcgi_index index.php; > fastcgi_param SCRIPT_FILENAME > $document_root$fastcgi_script_name; > include fastcgi_params; > } > error_page 404 /404.html; > location = /40x.html { > } > error_page 500 502 503 504 /50x.html; > location = /50x.html { > } > } [root@nginx]# nginx -t -c /etc/nginx/nginx.conf > nginx: the configuration file /etc/nginx/nginx.conf syntax is ok > nginx: configuration file /etc/nginx/nginx.conf test is successful > [root@nginx]# I am still encountering the same issue. Access to XMLHttpRequest at ' > https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin ' > https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy: > No 'Access-Control-Allow-Origin' header is present on the requested > resource. > POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token > net::ERR_FAILED Please let me know if you need any additional information. I look forward to hearing from you. Thanks in advance. Best Regards, Kaushal
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
