NGINX does weird things with If statements: http://wiki.nginx.org/IfIsEvil
It turns out, "if" inside a location directive w/ proxy_pass disables that implied URL-rewriting function. So, for example:
location /some/url/ {
proxy_pass http://backend/api/;
# example client url: http://server/some/url/data
# URL sent to proxy: http://backend/api/data
}
location /another/url/ {
set $test 1;
if ($test) {
# do nothing
}
proxy_pass http://backend/api/;
# example client url: http://server/another/url/data
# URL sent to proxy: http://backend/api/another/url/data
}
So I opted to move all my CORS-handling stuff to the server block, since I want CORS enabled across the board anyways, it makes sense.
It also turns out, you can't use "add_header" inside an "if" statement at the server block. But, you can set variables, and if you have something like add_header 'X-Header-Test' $empty_var;
- the header doesn't get added. Your variable needs data.
So, this NGINX config is meant to be used as an included file. Before including, you can set variables to customize it:
- $cors_allow_origin - set this to '*' or 'null', leave blank to send back the origin 'Origin' header
- $cors_allow_credentials - set this to true or false to allow/disallow sending credentials. defaults to true.
- $cors_max_age - set this to the number of seconds to cache pre-flight results, defaults to 48 hours
- $cors_allow_methods - set this to a list of allowed methods, if blank you'll get a default set of methods.
- $cors_allow_headers - set this to a list of allowed headers, if blank you'll get a default set of common headers.
Thanks for this! You probably want
$cors_max_age
set to172800
though (one more zero).