Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # cors configuration
- if ($request_method ~* "(GET|POST)") {
- add_header "Access-Control-Allow-Origin" *;
- }
- # whitelist of allowed domains, via a regular expression
- # if ($http_origin ~* (http://localhost(:[0-9]+)?)) {
- if ($http_origin ~* .*) { # wideopen, for local development. tailor your regex as needed
- set $cors "true";
- }
- # apparently, the following three if statements create a flag for "compound conditions"
- if ($request_method = OPTIONS) {
- set $cors "${cors}options";
- }
- if ($request_method = GET) {
- set $cors "${cors}get";
- }
- if ($request_method = POST) {
- set $cors "${cors}post";
- }
- # now process the flag
- if ($cors = 'trueget') {
- add_header 'Access-Control-Allow-Origin' "$http_origin";
- add_header 'Access-Control-Allow-Credentials' 'true';
- }
- if ($cors = 'truepost') {
- add_header 'Access-Control-Allow-Origin' "$http_origin";
- add_header 'Access-Control-Allow-Credentials' 'true';
- }
- if ($cors = 'trueoptions') {
- add_header 'Access-Control-Allow-Origin' "$http_origin";
- add_header 'Access-Control-Allow-Credentials' 'true';
- add_header 'Access-Control-Max-Age' 120; # cache preflight value in seconds. 300=5 min ; 1728000==20 days
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
- #add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Accept-Error, X-CSRF-TOKEN';
- add_header 'Content-Length' 0;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- return 204;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement