How do I add a response header to MODX Cloud web rules?

lucy · October 16, 2019, 7:05pm

Trying to add this to my Cloud Web Rules:
add_header Access-Control-Allow-Origin “*”;

Added to the location block at the end of the rules, just before the try_files… friendly URLs lines. But the header does not get added. Is there another way to do this?
Note: have also tried with single and double quotes around the header name.

smashingred · October 16, 2019, 10:13pm

Normally you do it for specific assets as follows. We need to add this to our docs.

location ~* \.(eot|ttf|woff|woff2)$ {
   add_header Access-Control-Allow-Origin *;
}

You can change the asset extensions as needed. You do this before the main location block.

lucy · October 17, 2019, 12:38pm

Thanks Jay. And if I want to allow access to page content too… How would that be done?

smashingred · October 23, 2019, 1:25pm

Lucy,

Sorry for the really long delay. I’m not sure what you’re asking here? Normally, pages or content itself doesn’t have issues with CORS unless you’re iframing or embedding across domains. Could you explain the use case? Are we talking about static files?

lucy · October 23, 2019, 6:10pm

Hi Jay, the use case is to allow cross-origin requests between 2 sites. Would like to test first with the wildcard but the goal would be to allow a single domain (or list of allowed domains). Example:

Access-Control-Allow-Origin: https://myotherdomain.com

smashingred · October 23, 2019, 7:00pm

I’ve not tested this but it may work doing the following but i am skeptical and I am not fully certain as to how to solve this in Cloud. I still feel we’re missing the full example use case here. I also don’t know if $host is the rigth server variable to use. I’m wondering if $http_referrer might be. Nginx configs are not my personal forté.

set $cors "";

if ($host = "domain1.com") {
        set $cors "true";
}
if ($host = "domain2.com") {
        set $cors "true";
}
location / {
    if ($cors = "true") {
        add_header 'Access-Control-Allow-Origin' "$host";
        }
}

The caveat with this is that this may not work and in the nginx community, there is a longstanding consideration that if inside location blocks doesn’t work as one might expect.

For in depth discussion about a specific cloud configuration, it might make sense to hit up support@modxcloud.com and we can come back with a generic response for here.

lucy · October 25, 2019, 6:08pm

Thanks Jay - I try and test this.