Edit nginx/nginx.conf to enable CORS (#2580)

* Edit nginx/nginx.conf to enable CORS

* In nginx/nginx.conf, add more allowed headers w/ OPTIONS requests

nginx/nginx.conf

@@ -82,18 +82,32 @@ http {
       # max client request body size: average transaction size.
       client_max_body_size 15k;
 
+      # GET requests are forwarded to BDB.
+      if ($request_method = GET) {
+        proxy_pass http://localhost:9984;
+      }
+
+      # POST requests: Enable CORS then forward to BDB.
+      if ($request_method = POST) {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
+        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
+
+        proxy_pass http://localhost:9984;
+      }
+
+      # OPTIONS requests: Enable CORS and return 204.
       if ($request_method = 'OPTIONS') {
           add_header 'Access-Control-Allow-Origin' '*';
           add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent';
+          add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
           add_header 'Access-Control-Max-Age' 43200;
           add_header 'Content-Type' 'text/plain charset=UTF-8';
           add_header 'Content-Length' 0;
           return 204;
       }
 
-      proxy_pass http://localhost:9984;
-
       # Only return this response if request_method is neither POST|GET|OPTIONS
       if ($request_method !~ ^(GET|OPTIONS|POST)$) {
           return 444;