-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modifying CORS values on D8/D9 #1597
Comments
Hi @omega8cc team. It seems that we managed to get it working. The steps to make it happen are the following:
Eventually, this would be good if it would move into the folder |
I just placed a The contents were: parameters:
# Configure Cross-Site HTTP requests (CORS).
# Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# for more information about the topic in general.
# Note: By default the configuration is disabled.
cors.config:
enabled: true
# Specify allowed headers, like 'x-allowed-header'.
allowedHeaders: ['x-csrf-token','authorization','content-type','accept','origin','x-requested-with', 'access-control-allow-origin','x-allowed-header','*']
# Specify allowed request methods, specify ['*'] to allow all possible ones.
allowedMethods: ['*']
# Configure requests allowed from specific origins. Do not include trailing
# slashes with URLs.
allowedOrigins: ['*']
# Sets the Access-Control-Expose-Headers header.
exposedHeaders: false
# Sets the Access-Control-Max-Age header.
maxAge: false
# Sets the Access-Control-Allow-Credentials header.
supportsCredentials: false |
Thanks @fotiDim , however, the problem is that as a typical limited user (with the |
@VangelisP I am self-hosting BOA so I have root access. I suppose you are using the omegacc-hosted version, right? |
I actually have both version, for production we use the omegacc-hosted version while for development we use an internal server with the omega8/boa stack. And while I can access as root, I would prefer if there's a way for the limited users to be able to alter this file so that my colleagues won't need to have root access. |
@VangelisP As an alternative solution I tried the cors_ui module which also worked fine for me and seems it could also fit your use case. |
There’s an old trick to make site directory writable, we just need to add it to the docs with new control file. Sent with GitHawk |
That could work I suppose. I was trying to find a way to make it more flexible from a sysadmin perspective (ie the person that manages the Aegir instance only and is not being involved in Drupal development or maintaining it). I'm also looking forward to see what omega88cc is thinking with the control file 😉 Thanks to both of you! |
Hi there!
With Drupal 7, when we wanted to modify CORS values, we were using the CORS module. On Drupal 8/9 , this module is not existing anymore since the task can be done via core. The way they suggest to do it is by using the
/sites/default/services.yml
.Example references:
I am aware that modifying the
/sites/default/services.yml
in this stack is forbidden (besides the fact that thedefault
folder is being removed) and I do understand that.I did find something described here but that relates mainly to debugging the theme by using the
development.services.yml
.Is there a way to reconfigure the CORS headers by using some sort of
services.yml
on a per-site basis?Would creating a new file
services.yml
and adding the configuration work ? Is it the proper way ?I tried that and i didn't see any changes to the behaviour so far (unless i messed up with the parameters).
Thanks!
The text was updated successfully, but these errors were encountered: