Last active
September 28, 2017 14:07
-
-
Save aviflax/48579de40be9d9acce81ea52183501e3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Super CORS for NGINX | |
# NOT YET TESTED | |
# Based on https://enable-cors.org/server_nginx.html | |
# which was based on https://michielkalkman.com/snippets/nginx-cors-open-configuration/ | |
location / { | |
# preflight | |
if ($request_method = 'OPTIONS') { | |
add_header 'Access-Control-Allow-Origin' "$http_origin"; # wildcard wouldn’t work with Access-Control-Allow-Credentials | |
add_header 'Access-Control-Allow-Credentials' 'true'; | |
add_header 'Access-Control-Allow-Methods' 'DELETE, GET, PATCH, POST, PUT, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
add_header 'Access-Control-Max-Age' 1728000; | |
add_header 'Content-Type' 'text/plain; charset=UTF-8'; | |
add_header 'Content-Length' 0; | |
return 204; | |
} | |
# non-preflight | |
if ($request_method ~ (DELETE|GET|PATCH|POST|PUT) { | |
# You might look at this and think this is duplicative with the above conditional | |
# block, and you’d be right — but don’t try to fix it. It has to be this way due to | |
# the quirks of how `if` and `add_header` work together. | |
add_header 'Access-Control-Allow-Origin' "$http_origin"; # wildcard wouldn’t work with Access-Control-Allow-Credentials | |
add_header 'Access-Control-Allow-Credentials' 'true'; | |
add_header 'Access-Control-Allow-Methods' 'DELETE, GET, PATCH, POST, PUT, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment