On Sun, Oct 22, 2017 at 01:31:03PM +0000, Rudenko Aleksandr wrote:
> In past we rewrite http response header by Apache rules for our
> web-interface and pass CORS check. But now it’s impossible to solve on
> balancer level.

You CAN modify the CORS responses at the load-balancer level.

Find below the snippets needed to do it in HAProxy w/ Jewel-Civetweb;
specifically, this completely overrides the CORS if the Origin matches
some strings.

We use this to override the CORS for access via our customer interface
panel, so regardless of what CORS they set on the bucket, the panel
always works.

frontend ...
  # Store variable for using later in the response.
  http-request set-var(txn.origin) req.hdr(Origin)
  acl override_cors var(txn.origin) -m end -i SOMEDOMAIN
  acl override_cors var(txn.origin) -m sub -i SOMEDOMAIN
  # Export fact as a boolean
  http-request set-var(txn.override_cors) bool(true) if override_cors
  http-request set-var(txn.override_cors) bool(false) unless override_cors

backend ...
  # We inject Origin headers for ..., so we must declare to the client
  # that they might be different in other requests.
  http-response add-header Vary Origin if { var(txn.origin) -m len gt 1 }
  # If the origin is the Panel, then override the CORS headers
  acl override_cors var(txn.override_cors),bool
  # 1. if OPTIONS: Override any 403 error to say it's ok instead
  # 403 means the OPTIONS request was being denied by the RGW as it didn't match.
  acl res_status_403 status eq 403
  http-response set-status 200 if res_status_403 override_cors METH_OPTIONS
  # 2. if OPTIONS: Valid CORS has length 0
  http-response set-header Content-Length 0 if override_cors METH_OPTIONS
  # 3. Override CORS headers
  http-response set-header Access-Control-Allow-Headers origin,\ content-length,\ content-type,\ content-md5 if override_cors
  http-response set-header Access-Control-Allow-Origin %[var(txn.origin)] if override_cors
  http-response set-header Access-Control-Allow-Methods GET,\ HEAD,\ POST,\ OPTIONS,\ PUT,\ DELETE if override_cors
  http-response set-header Access-Control-Max-Age 600 if override_cors

>
> What is right way?
>
> ---
> Best regards,
>
> Aleksandr Rudenko
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robbat2@xxxxxxxxxx
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
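
Added example, not part of the original message or of the poster's configuration: a small Python model of what the two override_cors ACLs in the frontend accept, next to an exact comparison of the whole origin, so an allowlist can be checked before it is deployed. The domain panel.example.com (standing in for SOMEDOMAIN), the allowlist and the sample Origin values are assumptions constructed for the comparison.

```python
from urllib.parse import urlsplit

PANEL_DOMAIN = "panel.example.com"  # assumption: stands in for SOMEDOMAIN
ALLOWED_ORIGINS = {"https://panel.example.com"}  # assumption: the panel's origin


def acl_as_posted(origin: str) -> bool:
    """Model of the two `acl override_cors` lines; same-name ACLs are OR-ed."""
    o, p = origin.lower(), PANEL_DOMAIN.lower()  # -i: ignore case
    return o.endswith(p) or p in o  # -m end, -m sub


def exact_origin(origin: str) -> bool:
    """Accept only a full scheme://host[:port] origin found in the allowlist."""
    try:
        parts = urlsplit(origin)
    except ValueError:  # malformed value, e.g. an unbalanced '['
        return False
    if not parts.hostname or parts.path or parts.query or parts.fragment:
        return False  # an Origin header carries no path, query or fragment
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}" in ALLOWED_ORIGINS


# Constructed Origin header values, not taken from the thread.
SAMPLES = [
    "https://panel.example.com",
    "https://PANEL.example.com",
    "http://panel.example.com",
    "https://panel.example.com.other.test",
    "https://notpanel.example.com",
    "https://unrelated.test",
]


def compare(samples=SAMPLES):
    """Return (origin, posted ACL result, exact-match result) per sample."""
    return [(o, acl_as_posted(o), exact_origin(o)) for o in samples]


if __name__ == "__main__":
    for origin, loose, strict in compare():
        print(f"{origin:38} posted-acl={loose!s:5} exact={strict}")
```

In HAProxy the exact comparison corresponds to the `-m str` match method with the full origin as the pattern.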