-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx-cors.conf
39 lines (35 loc) · 1.61 KB
/
nginx-cors.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#
# CORS header support
#
# As of Nginx 1.7.5, add_header supports an "always" parameter which
# allows CORS to work if the backend returns 4xx or 5xx status code.
#
# For more information on CORS, please see: http://enable-cors.org/
# From this Gist: https://gist.github.com/Stanback/7145487
# And this: https://gist.github.com/pauloricardomg/7084524
#
set $cors '1';
# OPTIONS indicates a CORS pre-flight request
if ($request_method = 'OPTIONS') {
set $cors "${cors}o";
}
if ($cors = '1') {
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' '$http_access_control_request_headers' always;
add_header 'Access-Control-Expose-Headers' '*' always;
}
# OPTIONS (pre-flight) request from allowed CORS domain. return response directly
if ($cors = '1o') {
# Tell client that this pre-flight info is valid for 20 days
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' '$http_access_control_request_headers' always;
add_header 'Access-Control-Expose-Headers' '*' always;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 200;
}