search

devlikeapro / waha

WAHA - WhatsApp HTTP API (REST API) that you can configure in a click! Two engines: chromium-based WEBJS and pure-websocket NOWEB
https://waha.devlike.pro/
Apache License 2.0
831 stars 254 forks source link

Configure CORS options for API #198

Open xujaan opened 10 months ago

xujaan commented 10 months ago

How can i setting up cors policy? i can't find it in source code. i use subdomain for waha and accessing the api from main domain. image

allburov commented 10 months ago

There's no such configuration yet, but we can add it later (no timeline for that tho)

Right now you can setup a reverse proxy on waha subdomain, like nginx and setup cors policy there. https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-on-ubuntu-22-04 https://enable-cors.org/server_nginx.html

For one who wish to contribute the feature - here's some links that we'd use

We should add some env.variable for that, like WAHA_CORS_ORIGIN , WAHA_CORS_ALLOWED_HEADERS, etc

xujaan commented 10 months ago

I got it, waiting for improvement. Thank you!

allburov commented 10 months ago

Let's keep the issue open, so we remember about it :)

jktan0504 commented 2 weeks ago

hi unfortunately, i met this issue now >.<

I had configured my nginx: ` server { listen 80; listen [::]:80;

          listen 443 ssl;
          listen [::]:443 ssl;

          ssl_certificate /etc/nginx/certs/cert.pem;
          ssl_certificate_key /etc/nginx/certs/private.pem;

          server_name mydomain.com;

          location / {
                proxy_pass http://waha_plus:3000;  # Name of the API service defined in docker-compose.yml
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                # CORS configuration
                add_header 'Access-Control-Allow-Origin' 'https://myfrontend.com' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
                add_header 'Access-Control-Allow-Credentials' 'true' always;

                if ($request_method = 'OPTIONS') {
                    add_header 'Access-Control-Allow-Origin' 'https://myfrontend.com' always;
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
                    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
                    add_header 'Access-Control-Max-Age' 1728000;
                    add_header 'Content-Type' 'text/plain; charset=utf-8';
                    add_header 'Content-Length' 0;
                    return 204;
                }
          }
    }`

if anyone can help, i am really appreciated. Stuck here for awhile.

Request URL: http://waha_plus:3000/api/sessions/default Referrer Policy: strict-origin-when-cross-origin

patron:PLUS