Multiple Domain CORS

Andrey Oktyabrskiy ano at
Fri Aug 10 12:17:10 UTC 2018

On 10.08.2018 14:38, Sathish Kumar wrote:
> Is there anyway to allow CORS domain like based on Host Origin.For 
> Options, Get and other methods.
Something like this should do what you want:

location / {
   include inc/;
   include inc/;

### /etc/nginx/inc/
if ($request_method = 'OPTIONS') {
   add_header Access-Control-Allow-Credentials        true;
   add_header Access-Control-Allow-Origin     $cors_origin;
   add_header Access-Control-Allow-Methods    OPTIONS;
   add_header Access-Control-Allow-Headers
   add_header Access-Control-Max-Age          86400;

   add_header Content-Type    'text/plain; charset=utf-8';
   add_header Content-Length  0;

   return  204;

### /etc/nginx/inc/
   add_header Access-Control-Allow-Credentials        true always;
   add_header Access-Control-Allow-Origin     $cors_origin always;
   add_header Access-Control-Allow-Methods    $cors_method always;
   add_header Access-Control-Allow-Headers
     $http_access_control_request_headers always;
   add_header Access-Control-Max-Age          86400        always;

### /etc/nginx/sites-enabled/_map_cors_method
map     $http_access_control_request_method     $cors_method {
   GET     GET;
   HEAD    HEAD;
   default OPTIONS;

$ cat /etc/nginx/sites-enabled/_map_cors_origin
map $http_origin $cors_origin {;
   default "";

More information about the nginx mailing list