Skip to content

Instantly share code, notes, and snippets.

@toloco
Last active February 13, 2023 10:05
Show Gist options
  • Save toloco/9c3e60e8537705513bd629e4f7d8e63a to your computer and use it in GitHub Desktop.
Save toloco/9c3e60e8537705513bd629e4f7d8e63a to your computer and use it in GitHub Desktop.
NGINX Cors

How to allow CORS (cross-origin/domain) API calls with nginx.

For nginx see the following:

The code as per nginx docs, can be placed under: http, server or location, so you can decide how fine grane access you wish to allow.

NOTE: Before you copy and paste, you can just read what CORS is. This is a good source: Mozilla docs CORS.

#
# Remove incomming header
#
proxy_hide_header 'access-control-allow-origin';
#
# Allow access from any domain
#
add_header Access-Control-Allow-Origin *;
#
# Allow access for the following HTTP vers
#
add_header Access-Control-Allow-Methods "GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE";
#
# Allow credentials headers
#
add_header Access-Control-Allow-Credentials "true";
#
# Allow extra headers
#
add_header Access-Control-Request-Headers "content-type, authorization, accept";
add_header Access-Control-Allow-Headers "content-type, authorization, accept";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment