Nginx CORS maps

nginx-cors.conf

map $http_origin $allow_origin {
  default "";
  "~^https?://(?:[^/]*\.)?(stevebuzonas\.(?:com|local))(?::[0-9]+)?$" "$http_origin";
}

map $request_method $cors_method {
  default "allowed";
  "OPTIONS" "preflight";
}

map $cors_method $cors_max_age {
  default "";
  "preflight" 1728000;
}

map $cors_method $cors_allow_methods {
  default "";
  "preflight" "GET, POST, OPTIONS";
}

map $cors_method $cors_allow_headers {
  default "";
  "preflight" "Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since";
}

map $cors_method $cors_content_length {
  default $initial_content_length;
  "preflight" 0;
}

map $cors_method $cors_content_type {
  default $initial_content_type;
  "preflight" "text/plain charset=UTF-8";
}

add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Max-Age $cors_max_age;
add_header Access-Control-Allow-Methods $cors_allow_methods;
add_header Access-Control-Allow-Headers $cors_allow_headers;

set $initial_content_length $sent_http_content_length;
add_header 'Content-Length' "";
add_header 'Content-Length' $cors_content_length;

set $initial_content_type $sent_http_content_type;
add_header Content-Type "";
add_header Content-Type $cors_content_type;

if ($request_method = 'OPTIONS') {
  return 204;
}

@dabajabaza Did you ever figure out the answer to this? I'm trying to implement if statements for CORS, and every option I find seems to be disallowed somewhere. Likewise this one is not allowed in http, server, or location blocks...

@dabajabaza / @miend : i was able to make it work with "maps" directives outside {server} and "add_header" directives inside {server} block
maybe it helps

I typically include this in the http block. But, if you have more than one server and don't want cors configured for it, the maps need to be in http... And the add_header parts can pretty much go anywhere.