Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Here' the minimal Access-Control-Allow-Origin header insertion necessary to allow any whitelisted sites to access resources via CORS headers.
# Minimal CORS config for nginx
# A modification of
# NB: This relies on the use of the 'Origin' HTTP Header.
location /static {
if ($http_origin ~* (whitelist\.address\.one|whitelist\.address\.two)$) {
add_header Access-Control-Allow-Origin "$http_origin";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment