Fix CORS config (#1649)

RobertLucian · web-flow · commit 061f0d628e39 · 2020-12-03T10:45:39.000-08:00
diff --git a/pkg/workloads/cortex/serve/nginx.conf.j2 b/pkg/workloads/cortex/serve/nginx.conf.j2
@@ -83,17 +83,38 @@ http {
         }
 
         location ~ ^/(predict/?|)$ {
-            limit_conn inflights {{ CORTEX_MAX_REPLICA_CONCURRENCY | int }};
+            # CORS (inspired by https://enable-cors.org/server_nginx.html)
+            if ($request_method = 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' '*';
+                add_header 'Access-Control-Allow-Credentials' 'true';
+                add_header 'Access-Control-Max-Age' 1728000;
+                add_header 'Content-Type' 'text/plain; charset=utf-8';
+                add_header 'Content-Length' 0;
+                return 204;
+            }
+            if ($request_method = 'POST') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' '*';
+                add_header 'Access-Control-Allow-Credentials' 'true';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+            }
+            if ($request_method = 'GET') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' '*';
+                add_header 'Access-Control-Allow-Credentials' 'true';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+            }
 
-            add_header Access-Control-Allow-Origin "*";
-            add_header Access-Control-Allow-Headers "*";
-            add_header Access-Control-Allow-Methods "GET, POST";
-            add_header Access-Control-Allow-Credentials "true";
+            limit_conn inflights {{ CORTEX_MAX_REPLICA_CONCURRENCY | int }};
 
-            proxy_set_header HOST $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header 'HOST' $host;
+            proxy_set_header 'X-Forwarded-For' $proxy_add_x_forwarded_for;
+            proxy_set_header 'X-Real-IP' $remote_addr;
+            proxy_set_header 'X-Forwarded-Proto' $scheme;
 
             proxy_redirect off;
             proxy_buffering off;
