From c7bc446ec8887803595fa65c314ea08df721f1c2 Mon Sep 17 00:00:00 2001
From: Troy McConaghy <troy@bigchaindb.com>
Date: Wed, 10 Oct 2018 16:17:35 +0200
Subject: [PATCH] Edit nginx/nginx.conf to enable CORS

---
 nginx/nginx.conf | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index a22abc10..9eed3e4a 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -82,6 +82,22 @@ http {
       # max client request body size: average transaction size.
       client_max_body_size 15k;
 
+      # GET requests are forwarded to BDB.
+      if ($request_method = GET) {
+        proxy_pass http://localhost:9984;
+      }
+
+      # POST requests: Enable CORS then forward to BDB.
+      if ($request_method = POST) {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
+        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
+
+        proxy_pass http://localhost:9984;
+      }
+
+      # OPTIONS requests: Enable CORS and return 204.
       if ($request_method = 'OPTIONS') {
           add_header 'Access-Control-Allow-Origin' '*';
           add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@@ -92,8 +108,6 @@ http {
           return 204;
       }
 
-      proxy_pass http://localhost:9984;
-
       # Only return this response if request_method is neither POST|GET|OPTIONS
       if ($request_method !~ ^(GET|OPTIONS|POST)$) {
           return 444;