starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 09:55:51 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #379] Custom CORS #319

New issue
Open
opened 2026-02-26 06:32:15 +03:00 by kerem · 14 comments
kerem commented 2026-02-26 06:32:15 +03:00
Owner
Copy link

Originally created by @JonathanTreffler on GitHub (Apr 18, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/379

Is your feature request related to a problem? Please describe.
We all know CORS is a huge pain to set up. At least if you want to do it right and don't already have a working snippet to paste in.
I love this Proxy Manager, because it makes many things much more easy, but it makes CORS even worse.
I have been able to create a proxy host, that can handle preflight cors requests with a custom location (like in #202), but i still think there should be a way to set CORS with the GUI.
A GUI Option was mentioned in #202, but since that wasn't the original topic of the issue i created this issue dedicated to a gui solution.

Describe the solution you'd like
A GUI for CORS in the Advanced Tab, to control CORS like this:
image

Originally created by @JonathanTreffler on GitHub (Apr 18, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/379 **Is your feature request related to a problem? Please describe.** We all know CORS is a huge pain to set up. At least if you want to do it right and don't already have a working snippet to paste in. I love this Proxy Manager, because it makes many things much more easy, but it makes CORS even worse. I have been able to create a proxy host, that can handle preflight cors requests with a custom location (like in #202), but i still think there should be a way to set CORS with the GUI. A GUI Option was mentioned in #202, but since that wasn't the original topic of the issue i created this issue dedicated to a gui solution. **Describe the solution you'd like** A GUI for CORS in the Advanced Tab, to control CORS like this: ![image](https://user-images.githubusercontent.com/28999431/79633201-4e625000-8164-11ea-9c90-ac440d7af3b3.png)
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@fturiot commented on GitHub (Feb 9, 2021):

hi,
actualy how change Access-Control-Allow-Origin ?

thanks

<!-- gh-comment-id:775870323 --> @fturiot commented on GitHub (Feb 9, 2021): hi, actualy how change Access-Control-Allow-Origin ? thanks
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@JonathanTreffler commented on GitHub (Feb 10, 2021):

actualy how change Access-Control-Allow-Origin ?

Thats not easy in my opinion, but take a look here #202

<!-- gh-comment-id:776621695 --> @JonathanTreffler commented on GitHub (Feb 10, 2021): > actualy how change Access-Control-Allow-Origin ? Thats not easy in my opinion, but take a look here #202
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@Na0mir commented on GitHub (Mar 25, 2021):

This would be awesome!

<!-- gh-comment-id:806423405 --> @Na0mir commented on GitHub (Mar 25, 2021): This would be awesome!
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@trdwll commented on GitHub (Jan 6, 2022):

@jc21 Any news on this? I think it could be a great small addition to the next release if you have the time.

<!-- gh-comment-id:1006558434 --> @trdwll commented on GitHub (Jan 6, 2022): @jc21 Any news on this? I think it could be a great small addition to the next release if you have the time.
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@NathanPeake commented on GitHub (Apr 4, 2022):

this is really needed

<!-- gh-comment-id:1087922955 --> @NathanPeake commented on GitHub (Apr 4, 2022): this is really needed
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@rallisf1 commented on GitHub (Aug 7, 2022):

Just want to share my working config for CORS as I spent quite a few hours to figure it out. I use the following on the advanced tab of the proxy host settings:

location ~ ^/THE-PATH-TO-PROTECT {
	more_set_headers 'Access-Control-Allow-Origin: https://YOUR-REQUEST-DOMAIN';
	more_set_headers 'Access-Control-Allow-Headers: Authorization';
	more_set_headers 'Access-Control-Allow-Credentials: true';
	more_set_headers 'Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH';
	more_set_headers 'Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
	
	
    if ($request_method = 'OPTIONS') {
      more_set_headers 'Access-Control-Allow-Origin: https://YOUR-REQUEST-DOMAIN';
      more_set_headers 'Access-Control-Allow-Credentials: true';
      more_set_headers 'Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
      more_set_headers 'Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH';
      more_set_headers 'Access-Control-Max-Age: 1728000';
      more_set_headers 'Content-Type: text/plain charset=UTF-8';
      more_set_headers 'Content-Length: 0';
      return 204;
    }

    include conf.d/include/proxy.conf;
}

Edit Nov/22: For some reason add_header stopped working a few weeks ago, more_set_headers did the trick.

<!-- gh-comment-id:1207363141 --> @rallisf1 commented on GitHub (Aug 7, 2022): Just want to share my working config for CORS as I spent quite a few hours to figure it out. I use the following on the advanced tab of the proxy host settings: ``` location ~ ^/THE-PATH-TO-PROTECT { more_set_headers 'Access-Control-Allow-Origin: https://YOUR-REQUEST-DOMAIN'; more_set_headers 'Access-Control-Allow-Headers: Authorization'; more_set_headers 'Access-Control-Allow-Credentials: true'; more_set_headers 'Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH'; more_set_headers 'Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: https://YOUR-REQUEST-DOMAIN'; more_set_headers 'Access-Control-Allow-Credentials: true'; more_set_headers 'Access-Control-Allow-Headers: Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; more_set_headers 'Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE,PATCH'; more_set_headers 'Access-Control-Max-Age: 1728000'; more_set_headers 'Content-Type: text/plain charset=UTF-8'; more_set_headers 'Content-Length: 0'; return 204; } include conf.d/include/proxy.conf; } ``` Edit Nov/22: For some reason `add_header` stopped working a few weeks ago, `more_set_headers` did the trick.
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@Tharic99 commented on GitHub (Aug 17, 2022):

@rallisf1 Can you clarify more what location ~ ^/THE-PATH-TO-PROTECT { means?

Example: If my hosted domain is www.yahoo.com and I want to ensure that 192.168.x.x is allowed via CORS, I know I would replace YOUR-REQUEST-DOMAIN with www.yahoo.com, but does the 192.168.x.x go anywhere?

<!-- gh-comment-id:1217291511 --> @Tharic99 commented on GitHub (Aug 17, 2022): @rallisf1 Can you clarify more what `location ~ ^/THE-PATH-TO-PROTECT {` means? Example: If my hosted domain is www.yahoo.com and I want to ensure that 192.168.x.x is allowed via CORS, I know I would replace YOUR-REQUEST-DOMAIN with www.yahoo.com, but does the 192.168.x.x go anywhere?
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@rallisf1 commented on GitHub (Aug 17, 2022):

@Tharic99 see the docs for location syntax. THE-PATH-TO-PROTECT is used if you want to use CORS just for a subfolder, the hosted domain is inherited from the server block.

YOUR-REQUEST-DOMAIN can be your IP address as long as that is used for the request. Check the error message in your browser console and use exactly the address that fails CORS. Also note that you can only allow 1 address (or IP) by default and cannot use wildcards. See here for a workaround.

<!-- gh-comment-id:1217511541 --> @rallisf1 commented on GitHub (Aug 17, 2022): @Tharic99 see the [docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#location) for location syntax. `THE-PATH-TO-PROTECT` is used if you want to use CORS just for a subfolder, the hosted domain is inherited from the server block. `YOUR-REQUEST-DOMAIN` can be your IP address as long as that is used for the request. Check the error message in your browser console and use exactly the address that fails CORS. Also note that you can only allow 1 address (or IP) by default and cannot use wildcards. See [here](https://stackoverflow.com/a/27879729) for a workaround.
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@luixal commented on GitHub (Oct 7, 2022):

Hi,

This comment from @rallisf1 just saved my day. Thanks man!

<!-- gh-comment-id:1272044672 --> @luixal commented on GitHub (Oct 7, 2022): Hi, [This comment](https://github.com/NginxProxyManager/nginx-proxy-manager/issues/379#issuecomment-1207363141) from @rallisf1 just saved my day. Thanks man!
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 30, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2027867469 --> @github-actions[bot] commented on GitHub (Mar 30, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@dimo414 commented on GitHub (Mar 30, 2024):

Stalebot go away.

<!-- gh-comment-id:2027899714 --> @dimo414 commented on GitHub (Mar 30, 2024): Stalebot go away.
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Dec 21, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2557951300 --> @github-actions[bot] commented on GitHub (Dec 21, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@NathanPeake commented on GitHub (Dec 21, 2024):

not stale

<!-- gh-comment-id:2558078303 --> @NathanPeake commented on GitHub (Dec 21, 2024): not stale
kerem commented 2026-02-26 06:32:16 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Nov 12, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:3519568061 --> @github-actions[bot] commented on GitHub (Nov 12, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#319
No description provided.