Hi there, I was wondering whether PLCnext Engineer supports adding additional headers to responses from the REST API (located at /_pxc_api/version). I understand I can add headers by editing /etc/nginx/nginx.conf - just checking whether there’s a config option that I missed in PLCnext Engineer I could use instead. The reason why I’m looking to add a header, is because the REST API does not return a Access-Control-Allow-Origin header (rightfully so!). For our use case, I do want the API to return a Access-Control-Allow-Origin: * header, because it allows us to build a web app (i.e. a React app) that queries the API directly from a user’s browser. The API does not work with an authentication or authorization scheme that is based on something that is automatically provided by the browser (for example cookies, or sessions based on cookies); adding such a header therefore does not pose a direct security issue. Kind regards, John
Hi John, this is a very good question and I know that we’ve had did also modifications on the nginx conf on some apps. I’ve asked our web dev engineering team to maybe share some best practicies with you. They’ll come back to this post. BR, Frank
Hello John, you are right: there is currenty no option in PLCnext Engineer to set the Access-Control-Allow-Origin: * header value. Editing the nginx.conf can freely be done after setting up a root user in the system. Best regards Sebastian