From 4429dd69857d59fe0ef2c6ca5a6974ac76062e50 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Thu, 13 Mar 2025 18:23:28 +0100 Subject: [PATCH 1/3] feat: add access-control-allow-origin header .. for better access from web applications. improve #479 --- docs/scripts/DNSConfigForItest.sh | 2 ++ docs/scripts/setupProviderForITest.sh | 11 +++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/scripts/DNSConfigForItest.sh b/docs/scripts/DNSConfigForItest.sh index f7b85f0..9196af3 100755 --- a/docs/scripts/DNSConfigForItest.sh +++ b/docs/scripts/DNSConfigForItest.sh @@ -28,6 +28,8 @@ echo " location = / { try_files /.well-known/csaf/provider-metadata.json =404; + # allow others web applications to get the static information + add_header Access-Control-Allow-Origin "*"; } access_log /var/log/nginx/dns-domain_access.log; diff --git a/docs/scripts/setupProviderForITest.sh b/docs/scripts/setupProviderForITest.sh index f9d7d18..2b6e6d1 100755 --- a/docs/scripts/setupProviderForITest.sh +++ b/docs/scripts/setupProviderForITest.sh @@ -56,11 +56,14 @@ location /cgi-bin/ { sudo sed -i "/^server {/a\ include fcgiwrap.conf;" $NGINX_CONFIG_PATH echo " - # For atomic directory switches - disable_symlinks off; + # For atomic directory switches + disable_symlinks off; - # directory listings - autoindex on; + # directory listings + autoindex on; + + # allow others web applications to get the static information + add_header Access-Control-Allow-Origin "*"; " > locationConfig.txt sudo sed -i "/^\s*location \/ {/r locationConfig.txt" $NGINX_CONFIG_PATH # Insert config inside location{} ./DNSConfigForItest.sh From 527fe71992797095f99e95c02f69711dc629e03d Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Thu, 13 Mar 2025 18:30:38 +0100 Subject: [PATCH 2/3] feat: set acao header * adapt provider-setup.md to changes for the acao header. --- docs/provider-setup.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/provider-setup.md b/docs/provider-setup.md index 48c29d0..2fdf1e3 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -78,6 +78,9 @@ server { # directory listings autoindex on; + + # allow others web applications to get the static information + add_header Access-Control-Allow-Origin "*"; } # enable CGI @@ -155,7 +158,7 @@ Again replacing `{clientCert.crt}` and `{clientKey.pem}` accordingly. To let nginx resolves the DNS record `csaf.data.security.domain.tld` to fulfill the [Requirement 10](https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html#7110-requirement-10-dns-path) configure a new server block (virtual host) in a separated file under `/etc/nginx/available-sites/{DNSNAME}` like following: - + ```sh server { From 17f6a3ac7eb7fac39825fb1ae8c25398d288fedc Mon Sep 17 00:00:00 2001 From: koplas Date: Fri, 14 Mar 2025 10:26:19 +0100 Subject: [PATCH 3/3] Fix inconsistent format --- docs/scripts/setupProviderForITest.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/scripts/setupProviderForITest.sh b/docs/scripts/setupProviderForITest.sh index 2b6e6d1..ae6c6fc 100755 --- a/docs/scripts/setupProviderForITest.sh +++ b/docs/scripts/setupProviderForITest.sh @@ -56,14 +56,14 @@ location /cgi-bin/ { sudo sed -i "/^server {/a\ include fcgiwrap.conf;" $NGINX_CONFIG_PATH echo " - # For atomic directory switches - disable_symlinks off; + # For atomic directory switches + disable_symlinks off; - # directory listings - autoindex on; + # directory listings + autoindex on; - # allow others web applications to get the static information - add_header Access-Control-Allow-Origin "*"; + # allow others web applications to get the static information + add_header Access-Control-Allow-Origin "*"; " > locationConfig.txt sudo sed -i "/^\s*location \/ {/r locationConfig.txt" $NGINX_CONFIG_PATH # Insert config inside location{} ./DNSConfigForItest.sh