How do you send CORS header with NGINX Proxy Manager?

I’m trying to access my Home Assitant install via ajax from an outside URL. I’ve got the cors_allowed_origin setting correctly set up in the http component. But I’m still getting an error stating that ‘Access-Control-Allow-Origin’ is missing.

I’m also running the NGINX Proxy Manager addon. I suspect that I need to set up CORS in NGINX, but I don’t know how.

Can anyone point me in the right direction? Thanks!

1 Like

Hi,

in case you are still interested:

domain: hassio.localdomain
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: true
  default: /nginx.conf
  servers: nginx_proxy/*.conf

and then creating a file called “nginx.conf” in the /share dir with e.g.

add_header Access-Control-Allow-Origin *;

(example might expose security risks)

2 Likes

Hi progonn,

Ive been breaking my head on this for a while and i cant seem to understand what is going wrong.
I have:
Cloudflare access setup to use Okta as idP, it allready sits in front of my domains.
if i go to https://hass.domain.com i get redirected to cloudflare>>Okta to authn.
Than i go to hass to authn again.

I also have NPM set up, but separate on my proxmox cluster.
Ive turned on:
Screenshot 2021-04-09 at 16.07.03
And added the header to the custom part:


in my hass config i have
http:
cors_allowed_origins:
- <>

ive tried all sorts of urls, from cloudflare, from Okta, from hass i almost always get a 200OK, but only when i test on terminal i get a 405 error when i check:
curl -I -XOPTIONS okta-url
-H ‘origin: https://hass.domain.com
-H ‘access-control-request-method: GET’

the response i get is:
HTTP/2 405
date : Fri, 09 Apr 2021 14:02:05 GMT
content-type : text/html;charset=utf-8
content-length : 449
server : nginx
public-key-pins-report-only : pin-sha256=""; pin-sha256=""; pin-sha256=""; pin-sha256=""; max-age=60; report-uri=“https://okta.report-uri.com/r/default/hpkp/reportOnly
content-language : en
strict-transport-security : max-age=315360000; includeSubDomains

Im simply lost where what needs to happen and how, but in this case i have 4 elements in play (Okta, cloudflare, NPM, Hass) and i cant seem to figure out how to set it up correctly.

Looks very familiar with my setup
Proxmox / HA / Node Red / API => CORS error
(
Get poperties from an API in Node-RED returns CORS error - #4 by dkarzon )

I see the error also refering to NGINX but where to config it? (Its not the NGINX addon)
Any solution ?