Merge pull request #1 from vlobzakov/master

sych74 · web-flow · commit 86beeb48dbe6 · 2019-04-25T16:04:59.000+03:00
CORS-CDN issue update added
diff --git a/CORS-CDN/README.md b/CORS-CDN/README.md
@@ -0,0 +1,15 @@
+## CORS issue fixing
+
+Installing the **Edgeport - Premium CDN Add-On** on Magento 2 application, you will be experiencing [**Cross-Origin Resource Sharing (CORS)**](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) issue which is invoked when a web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin.
+      
+There are several ways how to overcome this issue. One of them we describe here.
+   
+1. Upload **cors.conf** file from repository directory **CORS-CDN** to **/etc/nginx/** directory.
+   
+2. Open **cors.conf** , find line #5 and replace **magentohostname** with your environment hostname and **magentocdnhostname** with magento CDN hostname obtained upon Add-On installation.
+   
+For example: **if ($http_origin ~* 'https?://(localhost|magento\\.jelastic\\.com|magento\\.cdn\\.edgeport\\.net)')** 
+   
+3. Replace **/etc/nginx/conf.d/site-default.conf** with **site-default.conf** from repository directory **CORS-CDN**.
+   
+4. The changes added as lines **67, 79** and **104** to **site-default.conf**.
diff --git a/CORS-CDN/cors.conf b/CORS-CDN/cors.conf
@@ -0,0 +1,27 @@
+set $cors 'true';
+
+#### Replace "magentohostname" with Jelastic platform hostname or customdomain and "magentocdnhostname" with magento CDN hostname obtained from add-on or CDN custom domain you've bound to the environment.
+#### For example: if ($http_origin ~* 'https?://(localhost|magento\.jelastic\.com|magento\.cdn\.edgeport\.net)') {
+if ($http_origin ~* 'https?://(localhost|magentohostname|magentocdnhostname)') {
+        set $cors 'true';
+}
+
+#### always is required to add headers even if response's status is 4xx or 5xx
+if ($cors = 'true') {
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;
+        # required to be able to read Authorization header in frontend
+        add_header 'Access-Control-Expose-Headers' 'Authorization' always;
+}
+
+#### 2 if are required, nginx treats each if block as a different context
+if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Credentials' 'true';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
+
+        return 204;
+}
diff --git a/CORS-CDN/site-default.conf b/CORS-CDN/site-default.conf
@@ -0,0 +1,163 @@
+ server {
+  listen       80;
+  server_name  localhost;
+  index  index.php;
+  autoindex off;
+  charset off;
+
+  set $MAGE_ROOT /var/www/webroot/ROOT;
+  set $MAGE_MODE default;
+  root $MAGE_ROOT/pub;
+
+location ~* ^/setup($|/) {
+    root $MAGE_ROOT;
+    location ~ ^/setup/index.php {
+        fastcgi_pass unix:/var/run/php-fpm.socket;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        include        fastcgi_params;
+    }
+
+    location ~ ^/setup/(?!pub/). {
+        deny all;
+    }
+
+    location ~ ^/setup/pub/ {
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+}
+
+# PHP entry point for update application
+location ~* ^/update($|/) {
+    root $MAGE_ROOT;
+
+    location ~ ^/update/index.php {
+        fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php-fpm.socket;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        fastcgi_param  PATH_INFO        $fastcgi_path_info;
+        include        fastcgi_params;
+    }
+
+    # Deny everything but index.php
+    location ~ ^/update/(?!pub/). {
+        deny all;
+    }
+
+    location ~ ^/update/pub/ {
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+}
+
+location / {
+    try_files $uri $uri/ /index.php?$args;
+}
+
+location /pub/ {
+    location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+        deny all;
+    }
+    alias $MAGE_ROOT/pub/;
+    add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /static/ {
+    # Add the following line to enable CORS
+    include /etc/nginx/cors.conf;
+    # Uncomment the following line in production mode
+    # expires max;
+
+    # Remove signature of the static files that is used to overcome the browser cache
+    location ~ ^/static/version {
+        rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
+    }
+
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+        add_header Cache-Control "public";
+    # Add the following line to add an "Access-Control-Allow-Origin" response header to define that the response can be shared with requesting code from any origin.
+        add_header Access-Control-Allow-Origin "*";
+        add_header X-Frame-Options "SAMEORIGIN";
+        expires +1y;
+
+        if (!-f $request_filename) {
+            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        }
+    }
+    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+        add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN";
+        expires    off;
+
+        if (!-f $request_filename) {
+           rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        }
+    }
+    if (!-f $request_filename) {
+        rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+    }
+    add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /media/ {
+    # Add the following line to enable CORS
+    include /etc/nginx/cors.conf;
+    try_files $uri $uri/ /get.php?$args;
+
+    location ~ ^/media/theme_customization/.*\.xml {
+        deny all;
+    }
+
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+        add_header Cache-Control "public";
+        add_header X-Frame-Options "SAMEORIGIN";
+        expires +1y;
+        try_files $uri $uri/ /get.php?$args;
+    }
+    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+        add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN";
+        expires    off;
+        try_files $uri $uri/ /get.php?$args;
+    }
+    add_header X-Frame-Options "SAMEORIGIN";
+}
+
+location /media/customer/ {
+    deny all;
+}
+
+location /media/downloadable/ {
+    deny all;
+}
+
+location /media/import/ {
+    deny all;
+}
+
+# PHP entry point for main application
+location ~ (index|get|static|report|404|503)\.php$ {
+    try_files $uri =404;
+    fastcgi_pass unix:/var/run/php-fpm.socket;
+    fastcgi_buffers 1024 4k;
+
+    fastcgi_read_timeout 600s;
+    fastcgi_connect_timeout 600s;
+
+    fastcgi_index  index.php;
+    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+    include        fastcgi_params;
+}
+
+# Banned locations (only reached if the earlier PHP entry point regexes don't match)
+location ~* (\.php$|\.htaccess$|\.git) {
+    deny all;
+}
+
+location = /health_check.php {
+    allow all;
+}
+
+}
+
+
