ll911/gist:9c3366a6da028349fb5a6c753ff88361

## gistfile1.txt
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       	    proxy_set_header   Connection "";
       	    proxy_http_version 1.1;

           if ($http_origin ~* (https?://.*\.apps\.gov\.bc\.ca(:[0-9]+)?$)) {
            set $cors "1";
           }

    # OPTIONS indicates a CORS pre-flight request
    if ($request_method = 'OPTIONS') {
       set $cors "${cors}o";
    }

    # Append CORS headers to any request from
    # allowed CORS domain, except OPTIONS
    if ($cors = "1") {
       more_set_headers 'Access-Control-Allow-Origin: $http_origin';
       more_set_headers 'Access-Control-Allow-Credentials: true';
       proxy_pass      http://unipear.api.gov.bc.ca;
    }

    # OPTIONS (pre-flight) request from allowed
    # CORS domain. return response directly
    if ($cors = "1o") {
       more_set_headers 'Access-Control-Allow-Origin: $http_origin';
       more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE';
       more_set_headers 'Access-Control-Allow-Credentials: true';
       more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept';
       add_header Content-Length 0;
       add_header Content-Type text/plain;
       return 204;
    }

    # Requests from non-allowed CORS domains
       proxy_pass      http://unipear.api.gov.bc.ca;
  }
	proxy_redirect off;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Connection "";
	proxy_http_version 1.1;

	if ($http_origin ~* (https?://.*\.apps\.gov\.bc\.ca(:[0-9]+)?$)) {
	set $cors "1";
	}

	# OPTIONS indicates a CORS pre-flight request
	if ($request_method = 'OPTIONS') {
	set $cors "${cors}o";
	}

	# Append CORS headers to any request from
	# allowed CORS domain, except OPTIONS
	if ($cors = "1") {
	more_set_headers 'Access-Control-Allow-Origin: $http_origin';
	more_set_headers 'Access-Control-Allow-Credentials: true';
	proxy_pass http://unipear.api.gov.bc.ca;
	}

	# OPTIONS (pre-flight) request from allowed
	# CORS domain. return response directly
	if ($cors = "1o") {
	more_set_headers 'Access-Control-Allow-Origin: $http_origin';
	more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE';
	more_set_headers 'Access-Control-Allow-Credentials: true';
	more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept';
	add_header Content-Length 0;
	add_header Content-Type text/plain;
	return 204;
	}

	# Requests from non-allowed CORS domains
	proxy_pass http://unipear.api.gov.bc.ca;
	}