nginx CORS configuration for backend api

nginx_api.conf

upstream api_hosts {
    server 127.0.0.1:59000;
}


server {
    listen 80;

    location / {
        root /opt/ui/ui-dist;
    }

    location /api {
        if ($request_method = OPTIONS) {
          add_header 'Access-Control-Max-Age' 1728000;
          add_header 'Content-Type' 'text/plain charset=UTF-8';
          add_header 'Content-Length' 0;
          add_header 'Access-Control-Allow-Origin' "$http_origin" always;
          add_header 'Access-Control-Allow-Credentials' 'true' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
          # required to be able to read Authorization header in frontend
          add_header 'Access-Control-Expose-Headers' 'Authorization' always;

          return 204;
        }

        rewrite /api/(.*) /$1  break;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        # required to be able to read Authorization header in frontend
        add_header 'Access-Control-Expose-Headers' 'Authorization' always;

        proxy_pass http://api_hosts;
        proxy_redirect     off;
        proxy_set_header   Host $host;
    }
}