Skip to content

Instantly share code, notes, and snippets.

@slavafomin
Created January 22, 2019 17:35
Show Gist options
  • Save slavafomin/b1edbdb352a6d9d6909a7f879e4ca7ea to your computer and use it in GitHub Desktop.
Save slavafomin/b1edbdb352a6d9d6909a7f879e4ca7ea to your computer and use it in GitHub Desktop.
How to enable CORS in nginx with origin matching
server {
listen 80 default_server;
root /var/www;
location / {
set $cors '';
set $cors_allowed_methods 'OPTIONS, HEAD, GET';
if ($http_origin ~ '^https?://(www\.)?example.com$') {
set $cors 'origin_matched';
}
# Preflight requests
if ($request_method = OPTIONS) {
set $cors '${cors} & preflight';
}
if ($cors = 'origin_matched') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods $cors_allowed_methods;
}
if ($cors = 'origin_matched & preflight') {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods $cors_allowed_methods;
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
}
}
@tiendungitd
Copy link

Hi,
I tried your configuration, but I got error, we should I put the header field "x-rundeck-auth-token" to?
has been blocked by CORS policy: Request header field x-rundeck-auth-token is not allowed by Access-Control-Allow-Headers in preflight response.

@claudiumacovei
Copy link

add_header "Access-Control-Allow-Headers" "x-rundeck-auth-token";

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment