Add CORS headers to Nginx sites configurations(s)

[dkastl]

Describe your feature request

I have created a Redmine plugin, that allows users to create and publish FIWARE Context Broker subscriptions, which then can create and update issues based on FIWARE notifications, and FIWARE-Big|Small-Bang was extremely helpful for development. Thanks a lot!

The plugin allows both, to publish subscriptions directly from the browser client, but also through the server. I have cases where publishing through the server is not possible, but when I try to connect to Orion for example directly, connection is not possible due to missing CORS settings in Nginx.

Describe the solution you'd like

It might be also useful for others to have CORS enabled. I only needed this for Orion, and the following settings worked for me:

[snip]

server {
  [snip]

  # Add CORS Headers
  add_header 'Access-Control-Allow-Origin' '*' always;
  add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
  add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always;
  add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always;

  location / {
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*' always;
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH' always;
      add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, fiware-service, fiware-servicepath' always;
      add_header 'Access-Control-Expose-Headers' 'location, fiware-correlator' always;
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }

    [snip]
  }

  [snip]
}

I'm not sure enabling CORS for other services would be also helpful, probably yes. In this case there might be a better way than including CORS settings in each and every Nginx template.

Describe why you need this feature

• [ ] To approach a new use case.
• [ ] To integrate a new Generic Enabler / othe open source component.
• [x] To improve or simplify an scenario.
• [ ] Other reason (describe it)

Additional information

• I needed location permitted in Access-Control-Expose-Headers, because otherwise this information is dropped from the response
• I needed to include fiware-service, fiware-servicepath in Access-Control-Allow-Headers to support multi-tenant configurations

I'm not sure other services/use cases need similar additional settings.

Do you have the intention to implement the solution

• [ ] Yes, I have the knowledge to implement this new feature.
• [x] Yes, but I will need help.
• [ ] No, I do not have the skills.

Other information

• [x] I have provided a Github Star to this repository.

[fisuda]

Thanks for your proposal.

I added the feature supporting CORS for Orion on my branch fisuda/feature/cors. Please test it and give me your feedback.

How to get the remote branch as shown:

$ git remote add fisuda https://github.com/fisuda/FIWARE-Big-Bang.git

$ git fetch fisuda
remote: Enumerating objects: 33, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 33 (delta 23), reused 27 (delta 23), pack-reused 6
Unpacking objects: 100% (33/33), 7.64 KiB | 711.00 KiB/s, done.
From https://github.com/fisuda/FIWARE-Big-Bang
 * [new branch]      feature/cors    -> fisuda/feature/cors
 * [new branch]      feature/grafana -> fisuda/feature/grafana
 * [new branch]      feature/knowage -> fisuda/feature/knowage
 * [new branch]      main            -> fisuda/main

$ git switch -c feature/cors fisuda/feature/cors
Branch 'feature/cors' set up to track remote branch 'feature/cors' from 'fisuda'.
Switched to a new branch 'feature/cors'

$ grep -1 ORION_CORS config.sh
# Enable cross-origin resource sharing (CORS) Default: false
ORION_CORS=

To enable CORS for Orion, set ORION_CORS= to true in the config.sh file.

Thanks.

[dkastl]

Oh, great! I will try it out in the next days.

I don't have a good overview of FIWARE specific headers, I just know about fiware-service, fiware-servicepath and location so far, because they are used in my plugin.

[dkastl]

I tested the CORS settings and they work perfectly!

[fisuda]

This feature has been implemented at PR #395 and is included in the latest release, FIWARE Big Bang v0.40.0.