From d50eaa865377fb7e026a52d3117d27448b6c6b3a Mon Sep 17 00:00:00 2001
From: 21pages <sunboeasy@gmail.com>
Date: Wed, 14 May 2025 13:48:35 +0800
Subject: [PATCH] add missing cors bypass for RustDesk public web client

Signed-off-by: 21pages <sunboeasy@gmail.com>
---
 .../rustdesk-server-pro/faq/_index.de.md      | 22 +++++++++++++++++++
 .../rustdesk-server-pro/faq/_index.en.md      | 21 ++++++++++++++++++
 .../rustdesk-server-pro/faq/_index.zh-cn.md   | 22 +++++++++++++++++++
 3 files changed, 65 insertions(+)

diff --git a/content/self-host/rustdesk-server-pro/faq/_index.de.md b/content/self-host/rustdesk-server-pro/faq/_index.de.md
index 99bbb1d..48975aa 100644
--- a/content/self-host/rustdesk-server-pro/faq/_index.de.md
+++ b/content/self-host/rustdesk-server-pro/faq/_index.de.md
@@ -380,6 +380,28 @@ server {
 Wenn Sie zuvor für Web-Clients bereitgestellt haben und es auf allen Plattformen verwenden möchten, müssen Sie `proxy_read_timeout` hinzufügen.
 {{% /notice %}}
 
+#### 9. CORS-Umgehung bei Verwendung des RustDesk öffentlichen Web-Clients `https://rustdesk.com/web`
+
+Sie müssen Folgendes im `location /`-Abschnitt der Datei `/etc/nginx/.../rustdesk.conf` hinzufügen, um die CORS-Beschränkungen der Browser zu umgehen. Überspringen Sie diesen Schritt, wenn Sie Ihren eigenen Web-Client verwenden.
+
+```
+        if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+        }
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            return 204;
+        }
+```
+
 ### SELinux
 
 Wenn bei der Installation die Meldung `Waiting for RustDesk Relay service to become active...` erscheint, kann dies durch SELinux verursacht werden. Sie können die folgenden Befehle ausprobieren:
diff --git a/content/self-host/rustdesk-server-pro/faq/_index.en.md b/content/self-host/rustdesk-server-pro/faq/_index.en.md
index 5da1c77..e05df84 100644
--- a/content/self-host/rustdesk-server-pro/faq/_index.en.md
+++ b/content/self-host/rustdesk-server-pro/faq/_index.en.md
@@ -450,6 +450,27 @@ server {
 If you have previously deployed for web clients and want to use it across all platforms, you need to add `proxy_read_timeout`.
 {{% /notice %}}
 
+#### 9. Bypass CORS if using RustDesk public web client `https://rustdesk.com/web`
+
+You need to add below in the `location /` section of the `/etc/nginx/.../rustdesk.conf` to bypass CORS limitation of browsers. Skip this step if you are using your own web client.
+
+```
+        if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+        }
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            return 204;
+        }
+```
 
 ### SELinux
 
diff --git a/content/self-host/rustdesk-server-pro/faq/_index.zh-cn.md b/content/self-host/rustdesk-server-pro/faq/_index.zh-cn.md
index 642dca1..a54507b 100644
--- a/content/self-host/rustdesk-server-pro/faq/_index.zh-cn.md
+++ b/content/self-host/rustdesk-server-pro/faq/_index.zh-cn.md
@@ -441,6 +441,28 @@ server {
 如果您之前为 Web 客户端部署过，并想在所有平台上使用，您需要添加 `proxy_read_timeout`。
 {{% /notice %}}
 
+#### 9. 如果您使用 RustDesk 公共 Web 客户端 `https://rustdesk.com/web`，需要绕过 CORS 限制
+
+您需要在 `/etc/nginx/.../rustdesk.conf` 的 `location /` 部分添加以下内容，以绕过浏览器的 CORS 限制。如果您使用自己的 Web 客户端，可以跳过此步骤。
+
+```
+        if ($http_origin ~* (https?://(www\.)?rustdesk\.com)) {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+        }
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            return 204;
+        }
+```
+
 ### 为什么我的日志/设备名称为空？
 确保在被控制的设备上正确设置了 API，https://github.com/rustdesk/rustdesk-server-pro/issues/21#issuecomment-1637935750。