From cd99861aa58696a8a0d40137a5c63d6334fb3991 Mon Sep 17 00:00:00 2001 From: Nicolas CARPi Date: Fri, 22 Mar 2024 23:54:19 +0100 Subject: [PATCH] expose headers for CORS requests use Access-Control-Expose-Headers with Location, Content-Disposition, Cache-Control and Content-Encoding so these response headers can appear in the response of a CORS request fix elabftw/elabftw#5006 --- CHANGELOG.md | 4 ++++ Dockerfile | 2 +- src/nginx/common.conf | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 011903f..a2241f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Container image version # Note: the version here is from `ELABIMG_VERSION` present in Dockerfile, not the tagged one +# 5.1.0 + +* Add Access-Control-Expose-Headers with Location, Content-Disposition, Cache-Control and Content-Encoding + # 5.0.2 * Fix issue with messages being logged two times (error log) diff --git a/Dockerfile b/Dockerfile index 02691d7..d413432 100644 --- a/Dockerfile +++ b/Dockerfile @@ -135,7 +135,7 @@ RUN abuild-keygen -n -a && abuild && find /home/builder/packages -type f -name ' FROM alpine:3.18 # this is versioning for the container image -ENV ELABIMG_VERSION=5.0.2 +ENV ELABIMG_VERSION=5.1.0 # the target elabftw version is passed with --build-arg # it is a mandatory ARG diff --git a/src/nginx/common.conf b/src/nginx/common.conf index 9b3ead7..63f2981 100644 --- a/src/nginx/common.conf +++ b/src/nginx/common.conf 
@@ -134,3 +134,6 @@ more_set_headers "Server: %SERVER_HEADER%";
 %ACAH_HEADER%
 # this one is only used for CORS but let's leave it there, it doesn't hurt
 more_set_headers "Access-Control-Allow-Credentials: true";
+# this one is only used for CORS, we might make it user configurable if necessary, but it makes sense to hard code what we have and want to expose
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+more_set_headers "Access-Control-Expose-Headers: Location, Content-Encoding, Content-Disposition, Cache-Control";
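Review bot: The comment above the new `more_set_headers "Access-Control-Expose-Headers: ..."` line does not say who can read these headers, and it matters because `Access-Control-Allow-Credentials: true` is sent unconditionally just above. Any origin admitted by whatever `%ACAH_HEADER%` expands to (the substitution is not visible in this hunk) can now read `Location` and `Content-Disposition` on authenticated responses, so that allow-list should be documented as the control that bounds this exposure. I would add a comment such as `# readable only by origins allowed through %ACAH_HEADER%; keep the list explicit, "*" is not treated as a wildcard on credentialed requests`. `Cache-Control` is already a CORS-safelisted response header, so listing it is redundant and it can be dropped to keep the list to what actually needs exposing.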