make Access-Control-Allow-Origin configurable

[sgohl]

When referencing an uploaded image via webgl from another webapp, browsers deny due to CORS

For an image share app, I feel it's crucial to at least have it configurable to be able to opt for

Access-Control-Allow-Origin "*"

I think, reasonable would be an include statement in the main nginx conf, a dynamic generated nginx-conf snippet file combined with a conditional in start.sh that writes the statement to this snippet file in case a variable is set, probably even evaluate the env value

[sgohl]

I'm not sure whether to do it this way (dedicated env var) or to provide a more general way of adding nginx snippets what would be my preferred option, but then the env should support multi-line values and maybe even base64

I usually don't like to be forced to mount files into containers, hence the env approach.

[geek-at]

If you use a reverse proxy behind the docker container you can set them there as the highest point in the chain (closer to the internet) can overwrite the headers. Currently they are hardcoded in the nginx config file of the container.

[sgohl]

@geek-at I'm aware of that, but this adds unnecessary complexity/requirement to the reverse proxy in front, which is in that regard not it's actual job. Setting this header is responsibility of the application itself, at least for my understanding. There are people who don't use plain old handrafted nginx configs for only a handful of things. This gets easily unmanagable for hundreds of web apps.

edit: did you check my fork proposal? https://github.com/sgohl/pictshare/pull/1/files