SPDY+CORS not working under Chrome

Paweł Smoliński zipoking at gmail.com
Sat Feb 16 10:10:22 UTC 2013

I've following problem: we are running website with SPDY enabled (nginx
1.3.12 with SPDY patch 62 and OpenSSL 1.0.1e) where we are providing API
interface too. This API is used by other site (mobile interface) and in
order to have this whole thing working I've added following configuration
to nginx in order to have cross-origin requests working (found this
somewhere in the web):

if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';

    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE,

    add_header 'Access-Control-Allow-Headers'

    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;

    return 200;

The problem with that is Chrome browser is reporting that OPTIONS failed
when SPDY is enabled - when I turn off SPDY support everything is working
as expected.
Any idea how to workaround this (and maybe it's some bug inside Chrome)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130216/25fe0583/attachment.html>

More information about the nginx-devel mailing list