Add optional CORS settings to nginx-reverse-proxy

[schwamic]

Since the prod tutorial didn't work for me due to cors issues, I thought it might be helpful for others if there is an optional cors setting in the docs for an nginx.conf.

I added this cors settings for my environments (code based on enable-cors.org):

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;
  location / {
    proxy_pass  http://127.0.0.1:7700;
    # START - Enable CORS
    proxy_hide_header Access-Control-Allow-Origin;
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'X-Meili-Api-Key,Access-Control-Allow-Origin,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain; charset=utf-8';
      add_header 'Content-Length' 0;
      return 204;
    }
    if ($request_method != 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'X-Meili-Api-Key,Access-Control-Allow-Origin,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
      add_header 'Access-Control-Allow-Credentials' true;
      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
    }
    # END - Enable CORS
  }
}

[dichotommy]

Thanks for the suggestion @schwamic ! 😄

[Sharvadze]

@schwamic Thanks a lot, saved my day!

[maryamsulemani97]

@alallema The X-Meili-Api-Key is outdated. Could you please verify if the rest of the settings are up to date? Thanks! 🙏

[internetztube]

I ran into the exact same problem with my Laravel forge deployed Meilisearch Instance. This is how my location block now looks like:

location / {
  proxy_hide_header Access-Control-Allow-Origin;
  
  if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' 'https://meilisearch-ui.riccox.com';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Headers' 'x-meilisearch-client,Authorization,Content-Type';
    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
    
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;
    return 204;
  } 
  
  if ($request_method != 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' 'https://meilisearch-ui.riccox.com';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Headers' 'x-meilisearch-client,Authorization,Content-Type';
    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
  }
  proxy_pass http://127.0.0.1:7700;
}

[curquiza]

Hello @internetztube

The link in this issue is outdated, here is the new one: https://www.meilisearch.com/docs/learn/cookbooks/running_production#a-quick-introduction

Also, the issues of this repository are focused on the maintenance of the Meilisearch documentation. If you want direct support, I recommend asking your question on our Discord. People will be there to help you

[internetztube]

I just left this comment here to help other folks who are stumbling across the same issue. Regarding the documentation, I cannot find any resources that mention CORS.

site:meilisearch.com "cors"

[curquiza]

PRs are welcome to fix documentation about this ❤️