How to allow CORS (cross-origin/domain) API calls with nginx.
For nginx see the following:
The code as per nginx docs, can be placed under: http, server or location, so you can decide how fine grane access you wish to allow.
NOTE: Before you copy and paste, you can just read what CORS is. This is a good source: Mozilla docs CORS.
| # | |
| # Remove incomming header | |
| # | |
| proxy_hide_header 'access-control-allow-origin'; | |
| # | |
| # Allow access from any domain | |
| # | |
| add_header Access-Control-Allow-Origin *; | |
| # | |
| # Allow access for the following HTTP vers | |
| # | |
| add_header Access-Control-Allow-Methods "GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE"; | |
| # | |
| # Allow credentials headers | |
| # | |
| add_header Access-Control-Allow-Credentials "true"; | |
| # | |
| # Allow extra headers | |
| # | |
| add_header Access-Control-Request-Headers "content-type, authorization, accept"; | |
| add_header Access-Control-Allow-Headers "content-type, authorization, accept"; | |