Article

  • 7 months

    7 months

    YetiShare / Core

    538

CORS Error When Using xAccelRedirect On "Direct" File Servers

Issue:


When using "direct" file server storage with xAccelRedirect enabled, you see an error in the browser console similar to the following:

Access to audio at 'https://yoursite.com/5Yta/Ek_miss_jou.mp3?download_token=7b946cca1799b554de0fc471e90b861e24ee2af9378ed67b62938eaa7bfb6653' from origin 'https://yoursite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Fix:


On certain versions of Nginx, the custom headers set by the script are removed. You can fix this by adding them to the Nginx config file, the same place as your rewrite rules for the Yetishare script. On your file server(s) in:

/home/admin/conf/web/fs1.yoursite.com/nginx.conf_yetishare

Replace the /files/ section with:

location /files/ {
    # support cross domain requests (CORS), needed when xAccelRedirect is enabled on file servers
    add_header Access-Control-Allow-Origin https://yoursite.com;
    add_header Access-Control-Allow-Headers "Content-Type, Content-Range, Content-Disposition, Content-Description";
    add_header Access-Control-Allow-Credentials true;
    internal;
}

Ensure you replace yoursite.com with your domain name and restart Nginx.