Nginx SSL enabled - CORS blocked

[testuser testuser]

Hey,

I'm using the docker compose approach from you guys to deploy

ReviewBoard on Localhost. So far so good.

Now I enabled SSL and added the SSL Key & CRT to the nginx config file.

Now I'm getting the following error:

-----

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1/api/review-requests/561/last-update/?api_format=json. (Reason: CORS request did not succeed). Status code: (null).

My nginx config file looks like this:

server {

    server_name 127.0.0.1;

    listen 443 ssl http2;

    ssl_certificate     ssl/example.crt;

    ssl_certificate_key ssl/example.key;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers         HIGH:!aNULL:!MD5;

    root /var/www/reviewboard/htdocs;

    location / {

        proxy_pass http://host.docker.internal:8080/;

        proxy_set_header X-Forwarded-For $remote_addr;

        add_header Access-Control-Allow-Origin *;

        proxy_set_header Host $host;

    }

    location /media/ {

        alias /var/www/reviewboard/htdocs/media/;

        add_header Access-Control-Allow-Origin *;

        expires max;

        location ~ \.(html|htm|shtml|php)$ {

            add_header Access-Control-Allow-Origin *;

            types {}

            default_type text/plain;

        }

    }

    location /media/uploaded/ {

        alias /var/www/reviewboard/htdocs/media/uploaded/;

        add_header Access-Control-Allow-Origin *;

        location ~ \.([sp]?html?|php\d?|phtm?|phps|pl|py|f?cgi|jsp|sh|rb) {

            add_header Access-Control-Allow-Origin *;

        }

    }

    location /static/ {

        alias /var/www/reviewboard/htdocs/static/;

        add_header Access-Control-Allow-Origin *;

        expires max;

    }

    location /errordocs/ {

        alias /var/www/reviewboard/htdocs/errordocs/;

        add_header Access-Control-Allow-Origin *;

        expires 30d;

    }

}

-------

Can you guys tell me please what I'm doing wrong?

Thank you very much!

[Christian Hammond]

Hi,

You'll need to go into Admin UI -> General Settings and change the domain to use https:// instead of http://. That'll ensure that any API URLs are generated correctly.

Give that a try and let me know if it works for you.

Christian

--

---
You received this message because you are subscribed to the Google Groups "Review Board Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-d...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard-dev/da707077-58b6-43c3-83c7-000ce6c179a9n%40googlegroups.com.

--

Christian Hammond

President/CEO of Beanbag

Makers of Review Board

[testuser testuser]

Thank you very much, that fixed the problem!

Is there any way to configure that as code before deployment?

Maybe in the nginx conf file or somewhere else?

[Christian Hammond]

This configuration lives in the database, so it should only need to be set once, unless you’re setting up from-scratch installs with brand-new empty databases on a regular basis. All instances talking to the same database will respect that setting.

Christian

To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard-dev/8786b60c-24b7-4561-9624-bbb26c5709c7n%40googlegroups.com.

--