From 9ca65313eab1a6391b9b30a8d4a3cbf83b407e61 Mon Sep 17 00:00:00 2001 From: Xidik Date: Sun, 22 Mar 2026 22:06:48 +0700 Subject: [PATCH 1/3] fix(service): add CORS defaults to Directus templates The Directus service templates were missing CORS configuration, causing preflight OPTIONS requests to fail when connecting from frontend apps. Users had to manually edit the compose file to add CORS variables. Add sensible CORS defaults (enabled with dynamic origin matching) to both directus.yaml and directus-with-postgresql.yaml templates. All values are user-overridable via the Coolify UI. Fixes #5024 --- templates/compose/directus-with-postgresql.yaml | 5 +++++ templates/compose/directus.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/templates/compose/directus-with-postgresql.yaml b/templates/compose/directus-with-postgresql.yaml index c35e411fd..3aaa8f139 100644 --- a/templates/compose/directus-with-postgresql.yaml +++ b/templates/compose/directus-with-postgresql.yaml @@ -27,6 +27,11 @@ services: - REDIS_HOST=redis - REDIS_PORT=6379 - WEBSOCKETS_ENABLED=true + - CORS_ENABLED=${CORS_ENABLED:-true} + - CORS_ORIGIN=${CORS_ORIGIN:-true} + - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS} + - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization} + - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true} healthcheck: test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8055/admin/login"] interval: 5s diff --git a/templates/compose/directus.yaml b/templates/compose/directus.yaml index 36589c72a..5c02ab1a3 100644 --- a/templates/compose/directus.yaml +++ b/templates/compose/directus.yaml @@ -22,6 +22,11 @@ services: - DB_CLIENT=sqlite3 - DB_FILENAME=/directus/database/data.db - WEBSOCKETS_ENABLED=true + - CORS_ENABLED=${CORS_ENABLED:-true} + - CORS_ORIGIN=${CORS_ORIGIN:-true} + - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS} + - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization} + - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true} healthcheck: test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8055/admin/login"] From c5ec79bbb88cd9dcf8ff6f94abc7d9d85180be73 Mon Sep 17 00:00:00 2001 From: ShadowArcanist <162910371+ShadowArcanist@users.noreply.github.com> Date: Fri, 3 Apr 2026 19:25:51 +0530 Subject: [PATCH 2/3] fix dangerous cors config for directus-with-postgresql service --- templates/compose/directus-with-postgresql.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/compose/directus-with-postgresql.yaml b/templates/compose/directus-with-postgresql.yaml index 3aaa8f139..763944456 100644 --- a/templates/compose/directus-with-postgresql.yaml +++ b/templates/compose/directus-with-postgresql.yaml @@ -28,7 +28,7 @@ services: - REDIS_PORT=6379 - WEBSOCKETS_ENABLED=true - CORS_ENABLED=${CORS_ENABLED:-true} - - CORS_ORIGIN=${CORS_ORIGIN:-true} + - CORS_ORIGIN=${CORS_ORIGIN} - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS} - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization} - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true} From fa73d45b41e0c101de1b4ecb5aa644b24920f6c3 Mon Sep 17 00:00:00 2001 From: ShadowArcanist <162910371+ShadowArcanist@users.noreply.github.com> Date: Fri, 3 Apr 2026 19:26:06 +0530 Subject: [PATCH 3/3] fix dangerous cors config for directus service --- templates/compose/directus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/compose/directus.yaml b/templates/compose/directus.yaml index 5c02ab1a3..1648f7e3d 100644 --- a/templates/compose/directus.yaml +++ b/templates/compose/directus.yaml @@ -23,7 +23,7 @@ services: - DB_FILENAME=/directus/database/data.db - WEBSOCKETS_ENABLED=true - CORS_ENABLED=${CORS_ENABLED:-true} - - CORS_ORIGIN=${CORS_ORIGIN:-true} + - CORS_ORIGIN=${CORS_ORIGIN} - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS} - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization} - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true}