V8-archive: serverInfo request fails on nginx
Bug Report
Steps to Reproduce
- Clone directus api from master
- Use nginx with php-fpm server to serve the data
- Use Directus Web with api served by nginx
- Login to Directus Web and check browser logs for CORS and 405 Not Allowed request in Network
Expected Behavior
Retrieve server info succesfully when making the request to endpoint / using nginx
Actual Behavior
Cannot retrieve server info when it's making a OPTIONS & GET request to the nginx server to endpoint /
Other Context & Screenshots
This works for all other http servers like Apache, Caddy or local php server.
Nginx Default conf
https://gist.github.com/benydc/2e41b05edcddce62b17649b707c2931d
Nginx conf
https://gist.github.com/benydc/69de3c6d4249551c2ae40fae5a1dcd7e
Screenshots
Technical Details
- Device: [Desktop, Docker]
- OS: [MacOS 10.14.2, Alpine]
- Web Server: [Nginx 1.15.8]
- PHP Version: [7.3.2]
- Database: [MySQL 8.0.15]
- Install Method: [cloned
masterbranch]
benydc
All 12 comments
Hi @benydc
I am not able to reproduce the issue on my nginx setup. https://gist.github.com/hemratna/1c782a8128943eb0404a088adf257677
(I replace some server secret with {_var_})
In my end, it is working fine.
I am suggesting, Please take the latest version of App and Api and try once again.
hemratna
on 9 Jul 2019
Hey @benydc — let us know if things are working for you with the most recent versions of Directus. Since we can not reproduce this issue and because it's technically on an "alternate stack" (we only officially support Apache), I will close this for now. If we get some updates saying this is still not working we can re-address.
benhaynes
on 9 Jul 2019
I found a solution for nginx, just enable cors for the root only, here is the snippet to do so.
# This should be before any other location to allow overrides down the line.
location = / { # Don't foget the equal sign
if ($request_method = 'OPTIONS') {
# The needed domains
add_header 'Access-Control-Allow-Origin' '*';
# The same methods that are across directus, maybe GET is enough for this route
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,PATCH,DELETE,HEAD';
# The same headers that are present on other requests
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
# I took the liberty to increment the max age of the preflight to a 20 days
add_header 'Access-Control-Max-Age' 1728000;
# Could work without this one
add_header 'Content-Type' 'text/plain; charset=utf-8';
# Is necesary since is an OPTIONS requests
add_header 'Content-Length' 0;
# Return here, there is no need to pass it to php
return 204;
}
# Cover the same request types from above with the same block
if ($request_method ~* '(GET|POST|PUT|PATCH|DELETE|HEAD)') {
# Again your whitelisted domains if any
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,PATCH,DELETE,HEAD';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
# It worked without exposing more headers.
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
}
cesasol
on 11 Jul 2019
@directus/api-team — is this something we should add to the Codebase or Docs?
benhaynes
on 11 Jul 2019
I think we should add the CORS headers on the server/ endpoints by default, instead of relying on the webservers to add that.
@benhaynes generally speaking, lets try to keep environment specific config files out of the repo
rijkvanzanten
on 11 Jul 2019
@rijkvanzanten
We have it already :)
bjgajjar
on 12 Jul 2019
@benhaynes For the list out all the server config, Can we create a seprate repo and link it with documentation?
hemratna
on 12 Jul 2019
Absolutely! This seems like the best way to me... I'll let @rijkvanzanten create it/them so he can come up with the repo name. 😄
I thought we had this in the past... maybe we deleted them?? 🤔
benhaynes
on 12 Jul 2019
@bjgajjar That means that @cesasol shouldn't have to rely on a special config to enable it. @cesasol are you using the latest version of the API?
rijkvanzanten
on 12 Jul 2019
Yes I am, just updated yesterday
El vie., jul. 12, 2019 9:35 AM, Rijk van Zanten notifications@github.com
escribió:
@bjgajjar https://github.com/bjgajjar That means that @cesasol
https://github.com/cesasol shouldn't have to rely on a special config
to enable it. @cesasol https://github.com/cesasol are you using the
latest version of the API?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/directus/api/issues/797?email_source=notifications&email_token=AA5LCSKVTK6IHGPPM5CHESLP7CJBPA5CNFSM4G2WG6Y2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZZ53VI#issuecomment-510909909,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA5LCSOMOIIHWWTQILRN3H3P7CJBPANCNFSM4G2WG6YQ
.
cesasol
on 12 Jul 2019
@cesasol and you didn't have the CORS headers in / without having to update the nginx config?
rijkvanzanten
on 12 Jul 2019
I didn't, that's why I stumbled into this issue in the first place.
El vie., 12 jul. 2019 a las 10:40, Rijk van Zanten (<
[email protected]>) escribió:
@cesasol https://github.com/cesasol and you didn't have the CORS
headers in / without having to update the nginx config?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/directus/api/issues/797?email_source=notifications&email_token=AA5LCSKPBGXHFB4KZAHDZPTP7CQVNA5CNFSM4G2WG6Y2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZ2DU3A#issuecomment-510933612,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA5LCSPL4ZLNZWSMCWN23YLP7CQVNANCNFSM4G2WG6YQ
.
cesasol
on 16 Jul 2019
Related issues
benhaynes
·
4Comments
cdwmhcc
·
3Comments
HashemKhalifa
·
3Comments
cdwmhcc
·
3Comments
24js
·
3Comments
Most helpful comment
I think we should add the CORS headers on the server/ endpoints by default, instead of relying on the webservers to add that.
@benhaynes generally speaking, lets try to keep environment specific config files out of the repo