Merge pull request #510 from divyav-aot/rsbc/7.0.0

Merge to Main Repo

Author: ratheesh-aot

nginx.conf

@@ -33,6 +33,12 @@ http {
  gzip_comp_level 6;
  gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
+ # Add CORS map to handle CORS preflight requests
+ map $request_method $cors_method {
+   OPTIONS 'true';
+   default '';
+ }
+
  server {
    # add in most common security headers
    add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
@@ -41,13 +47,24 @@ http {
    add_header X-XSS-Protection 1;
    add_header X-Frame-Options SAMEORIGIN;
 
+   # Add CORS headers to all responses
+   add_header 'Access-Control-Allow-Origin' '*' always;
+   add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+   add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+   add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+
    listen 8080;
    server_name _;
 
    index index.html;
    error_log /dev/stdout info;
    access_log /dev/stdout;
 
+   # Handle preflight OPTIONS requests
+   if ($cors_method) {
+     return 204;
+   }
+
    # Serve versioned static files
    location ~ ^/forms-flow-.*@.*/.*$ {
      root /usr/share/nginx/html;