Forum Discussion

Occasional Contributor

3 years ago

Swagger behind Nginx Proxy and CORS error

Hi all! I have a problem. I would like to not get an CORS error after pasting in swagger available under swagger.example.com the link to the file available under testing.example.com/plik.yaml. The v...

Swagger UI

Newbie1

Occasional Contributor

3 years ago

ponelat Thank you for an answer. I add whole config from https://enable-cors.org/server_nginx.html to the nginx config of the t1.example.com:

add_header 'Access-Control-Allow-Origin' '*';

location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
     }
}

and now Chrome returns something like this:

and Firefox:

ponelat

Staff

3 years ago

Newbie1 That's addressed a CORS issue, since the error appears to be from the server (unregistered device doesn't sound like any browser/web api error).

To support Authorization headers, you need to change from `*` to an explicit origin. You can confirm by trying a hardcoded one, and if that works you can figure out how to make it dynamic (with nginx).

Replace all instances with this...

add_header Access-Control-Allow-Origin: 'docs.swagger.example.com' always;

Newbie1
Occasional Contributor
3 years ago
Thank you ponelat . 🙂 I am going to ask backend devs what does mean this error. I hope I reached the end. I will let you know.

PS
Is it possible to do some kind of reset origin header? On one testing server I have an error from cors

has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://swagger.example.com, https://swagger.example.com', but only one is allowed.

but in config I have currently only one occurence of this header. Is it possible that origin header is remembered due to this:

add_header 'Access-Control-Max-Age' 17286000;
Newbie1
Occasional Contributor
3 years ago
ponelat I think it works. I have the same response when execute curl command from shell. Could you tell me is there any possibility to configure docs.swagger.example.com some way to not provide any configuration on any servers like t1.example.com, t2.example.com and so on.

Forum Discussion

Swagger behind Nginx Proxy and CORS error

Recent Discussions

openapi codegen doesn't match swagger for xml array

Swagger Ui showing different behavior

Maximum no of end-points in an API

Related Content

Can't execute API with swagger ui behind NGINX Plus kubernetes ingress

Swagger behind Nginx instead of Zuul

Swagger - parameter not showing in Swagger-UI