Skip to content

fix: NIM - remove unnecessary Origin and Referer headers in API calls #1630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mjang merged 3 commits into from
Jan 6, 2026
+5 −36
Merged

fix: NIM - remove unnecessary Origin and Referer headers in API calls #1630

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6bbe323
fix: NIM - remove unnecessary Origin and Referer headers in API calls
aknot242 Jan 5, 2026
6f57f2a
additional references
aknot242 Jan 5, 2026
9183ee3
Merge branch 'main' into nim-remove-headers
aknot242 Jan 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 1 addition & 14 deletions content/includes/nim/disconnected/license-usage-offline-script.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,15 +175,10 @@ if [[ "$device_mode" == "CONNECTED" ]]; then
exit 1
fi

ORIGIN="https://$NIM_IP"
REFERER="$ORIGIN/ui/settings/license"

if [[ "$USE_CASE" == "initial" ]]; then
echo "Applying JWT license"
sleep 5
RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
-H "Origin: $ORIGIN" \
-H "Referer: $REFERER" \
-H "Content-Type: application/json" \
-H "Authorization: Basic $AUTH_HEADER" \
-d "$JSON_PAYLOAD")
Expand All @@ -204,12 +199,9 @@ if [[ "$NIM_VER" < "2.18" ]]; then
exit 1
elif [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
echo "NGINX Instance Manager version $NIM_VER detected."
ORIGIN="https://$NIM_IP"

# Send the PUT request and separate body and status code
PUT_RESPONSE_CODE=$(curl -k -s -w "%{http_code}" -o /tmp/put_response.json --location --request PUT "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
--header "Origin: $ORIGIN" \
--header "Referer: https://$NIM_IP/ui/settings/license" \
--header "Content-Type: application/json" \
--header "Authorization: Basic $AUTH_HEADER" \
--data '{
Expand Down Expand Up @@ -246,8 +238,6 @@ fi

if [[ "$USE_CASE" != "telemetry" ]]; then
RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
-H "Origin: $ORIGIN" \
-H "Referer: $REFERER" \
-H "Content-Type: application/json" \
-H "Authorization: Basic $AUTH_HEADER" \
-d "$JSON_PAYLOAD")
Expand All @@ -266,13 +256,11 @@ if [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
--header "accept: application/json" \
--header "authorization: Basic $AUTH_HEADER" \
--header "content-type: application/json" \
--header "origin: https://$NIM_IP" \
--output /tmp/response.zip)
else
prepare_usage_command="curl --insecure --location 'https://$NIM_IP/api/platform/v1/report/download?format=zip&reportType=telemetry&telemetryAction=prepare' \
--header 'accept: application/json' \
--header 'authorization: Basic $AUTH_HEADER' \
--header 'referer: https://$NIM_IP/ui/settings/license'"
--header 'authorization: Basic $AUTH_HEADER'
report_save_path="${output_file:-/tmp/response.zip}"

download_usage_command="curl --insecure --location 'https://$NIM_IP/api/platform/v1/report/download?format=zip&reportType=telemetry&telemetryAction=download' \
Expand Down Expand Up @@ -302,7 +290,6 @@ else
--header "accept: application/json" \
--header "authorization: Basic $AUTH_HEADER" \
--header "content-type: application/json" \
--header "origin: https://$NIM_IP" \
--output /tmp/response.zip)

HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tail -n1)
Expand Down
2 changes: 1 addition & 1 deletion content/nap-dos/deployment-guide/best-practices.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ F5 DoS for NGINX provides a range of application monitoring tools:

A complete guide on configuring F5 DoS for NGINX Live Activity Monitoring be found here: [F5 DoS for NGINX Live Activity Monitoring](https://docs.nginx.com/nginx-app-protect-dos/monitoring/live-activity-monitoring/) <br>
Below is an example configuration that limits API location access to the local network using the allow and deny directives, and uses HTTP Basic Authentication to restrict the PATCH, POST, and DELETE methods to specific users.<br>
To view the dashboard, enter its address in your browser’s address bar.For example, http://192.168.1.23/dashboard-dos.html displays the dashboard page located in `/usr/share/nginx/html`, as specified by the root directive.<br>
To view the dashboard, enter its address in your browser’s address bar. For example, http://192.168.1.23/dashboard-dos.html displays the dashboard page located in `/usr/share/nginx/html`, as specified by the root directive.<br>

```nginx
http {
Expand Down
7 changes: 1 addition & 6 deletions content/nim/disconnected/add-license-disconnected-deployment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,6 @@ Run these `curl` commands on a system that can access NGINX Instance Manager and

```shell
curl -k --location 'https://<NIM-FQDN>/api/platform/v1/license?telemetry=true' \
--header 'Origin: https://<NIM-FQDN>' \
--header 'Referer: https://<NIM-FQDN>/ui/settings/license' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <base64-encoded-credentials>' \
--data '{
Expand All @@ -98,8 +96,7 @@ Run these `curl` commands on a system that can access NGINX Instance Manager and
```shell
curl -k "https://<NIM-FQDN>/api/platform/v1/license" \
--header "accept: application/json" \
--header "authorization: Basic <base64-encoded-credentials>" \
--header "referer: https://<NIM-FQDN>/ui/settings/license"
--header "authorization: Basic <base64-encoded-credentials>"
```

1. **Update the license configuration on NGINX Instance Manager (not required in 2.20 or later)**:
Expand All @@ -108,8 +105,6 @@ Run these `curl` commands on a system that can access NGINX Instance Manager and

```shell
curl -k --location --request PUT "https://<NIM-FQDN>/api/platform/v1/license?telemetry=true" \
--header "Origin: https://<NIM-FQDN>" \
--header "Referer: https://<NIM-FQDN>/ui/settings/license" \
--header "Content-Type: application/json" \
--header "Authorization: Basic <base64-encoded-credentials>" \
--data '{
Expand Down
17 changes: 2 additions & 15 deletions static/scripts/license_usage_offline.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,15 +165,10 @@ if [[ "$device_mode" == "CONNECTED" ]]; then
exit 1
fi

ORIGIN="https://$NIM_IP"
REFERER="$ORIGIN/ui/settings/license"

if [[ "$USE_CASE" == "initial" ]]; then
echo "Applying JWT license"
sleep 5
RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
-H "Origin: $ORIGIN" \
-H "Referer: $REFERER" \
-H "Content-Type: application/json" \
-H "Authorization: Basic $AUTH_HEADER" \
-d "$JSON_PAYLOAD")
Expand All @@ -194,12 +189,9 @@ if [[ "$NIM_VER" < "2.18" ]]; then
exit 1
elif [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
echo "NGINX Instance Manager version $NIM_VER detected."
ORIGIN="https://$NIM_IP"

# Send the PUT request and separate body and status code
PUT_RESPONSE_CODE=$(curl -k -s -w "%{http_code}" -o /tmp/put_response.json --location --request PUT "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
--header "Origin: $ORIGIN" \
--header "Referer: https://$NIM_IP/ui/settings/license" \
--header "Content-Type: application/json" \
--header "Authorization: Basic $AUTH_HEADER" \
--data '{
Expand Down Expand Up @@ -236,8 +228,6 @@ fi

if [[ "$USE_CASE" != "telemetry" ]]; then
RESPONSE=$(curl -sS -k --max-time 10 -w "\n%{http_code}" -X POST "https://$NIM_IP/api/platform/v1/license?telemetry=true" \
-H "Origin: $ORIGIN" \
-H "Referer: $REFERER" \
-H "Content-Type: application/json" \
-H "Authorization: Basic $AUTH_HEADER" \
-d "$JSON_PAYLOAD")
Expand All @@ -260,13 +250,11 @@ if [[ "$NIM_VER" == "2.18" ]] || [[ "$NIM_VER" == "2.19" ]]; then
--header "accept: application/json" \
--header "authorization: Basic $AUTH_HEADER" \
--header "content-type: application/json" \
--header "origin: https://$NIM_IP" \
--output /tmp/response.zip)
else
prepare_usage_command="curl --insecure --location 'https://$NIM_IP/api/platform/v1/report/download?format=zip&reportType=telemetry&telemetryAction=prepare' \
prepare_usage_command="curl --insecure --location 'https://$NIM_IP/api/platform/v1/report/download?format=zip&reportType=telemetry&telemetryAction=prepare' \
--header 'accept: application/json' \
--header 'authorization: Basic $AUTH_HEADER' \
--header 'referer: https://$NIM_IP/ui/settings/license'"
--header 'authorization: Basic $AUTH_HEADER'
report_save_path="${output_file:-/tmp/response.zip}"

download_usage_command="curl --insecure --location 'https://$NIM_IP/api/platform/v1/report/download?format=zip&reportType=telemetry&telemetryAction=download' \
Expand Down Expand Up @@ -299,7 +287,6 @@ else
--header "accept: application/json" \
--header "authorization: Basic $AUTH_HEADER" \
--header "content-type: application/json" \
--header "origin: https://$NIM_IP" \
--output /tmp/response.zip)
# Extract the HTTP status code (last line)
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tail -n1)
Expand Down