Multiple Domain CORS
Andrey Oktyabrskiy
ano at bestmx.net
Fri Aug 10 12:17:10 UTC 2018
On 10.08.2018 14:38, Sathish Kumar wrote:
> Is there anyway to allow CORS domain like based on Host Origin.For
> Options, Get and other methods.
Something like this should do what you want:
location / {
include inc/cors_options.inc;
...
include inc/cors_headers.inc;
}
### /etc/nginx/inc/cors_options.inc
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin $cors_origin;
add_header Access-Control-Allow-Methods OPTIONS;
add_header Access-Control-Allow-Headers
$http_access_control_request_headers;
add_header Access-Control-Max-Age 86400;
add_header Content-Type 'text/plain; charset=utf-8';
add_header Content-Length 0;
return 204;
}
### /etc/nginx/inc/cors_headers.inc
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods $cors_method always;
add_header Access-Control-Allow-Headers
$http_access_control_request_headers always;
add_header Access-Control-Max-Age 86400 always;
### /etc/nginx/sites-enabled/_map_cors_method
map $http_access_control_request_method $cors_method {
GET GET;
HEAD HEAD;
default OPTIONS;
}
$ cat /etc/nginx/sites-enabled/_map_cors_origin
map $http_origin $cors_origin {
https://domain.ru https://domain.ru;
...
default "";
}
More information about the nginx
mailing list