Please help me to understand why the following proxy configuration does not set the header X-Discourse-Echo-Proxy
:
server {
listen 80;
server_name corsproxy.discourseecho.com;
error_log /data/nginx/proxy-debug warn;
# access_log /data/nginx/proxy-access;
location / {
proxy_redirect off;
proxy_set_header Host $arg_proxy_target_domain;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache discourse_corsproxy;
proxy_cache_valid any 30m;
proxy_cache_lock on;
proxy_cache_lock_age 7s;
proxy_cache_lock_timeout 5s;
proxy_cache_methods GET HEAD POST;
proxy_ignore_headers Cache-Control X-Accel-Expires Expires Set-Cookie Vary;
proxy_hide_header Set-Cookie;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_hide_header X-Accel-Expires;
proxy_hide_header Vary;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
add_header X-Cache-Status $upstream_cache_status always;
add_header X-Discourse-Echo-Proxy "1" always;
# Nginx doesn't support nested If statements, so we
# concatenate compound conditions on the $cors variable
# and process later
# If request comes from allowed subdomain
# (discourseecho.com) then we enable CORS
if ($http_origin ~* (https?://discourseecho\.com$)) {
set $cors "1";
}
# If request comes from my home IP (Adelaide), enable CORS
if ($remote_addr = "103.192.193.144") {
set $cors "1";
}
# OPTIONS indicates a CORS pre-flight request
if ($request_method = 'OPTIONS') {
set $cors "${cors}o";
}
# Append CORS headers to any request from
# allowed CORS domain, except OPTIONS
if ($cors = "1") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Credentials "true" always;
proxy_pass $arg_proxy_target_protocol://$arg_proxy_target_domain;
}
# OPTIONS (pre-flight) request from allowed
# CORS domain. return response directly
if ($cors = "1o") {
add_header Access-Control-Allow-Origin $http_origin' always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Origin,Content-Type,Accept" always;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
# Requests from non-allowed CORS domains
proxy_pass $arg_proxy_target_protocol://$arg_proxy_target_domain;
}
}
I expect the header to be added because of the following instruction:
add_header X-Discourse-Echo-Proxy "1" always;
But whatever HTTP requests I make, no such a header is present in responses. No errors or warnings in the log file. What should I check to identify the problem?
I have a feeling that the if statements may defeat add_header directives in the enclosing block. In the documentation it says:- "There could be several add_header directives. These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level." That would mean that you may have to repeat yourself inside the if blocks.