Guest User

Untitled

a guest
Oct 21st, 2019
112
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # cors configuration
  2.  
  3. if ($request_method ~* "(GET|POST)") {
  4. add_header "Access-Control-Allow-Origin" *;
  5. }
  6. # whitelist of allowed domains, via a regular expression
  7. # if ($http_origin ~* (http://localhost(:[0-9]+)?)) {
  8. if ($http_origin ~* .*) { # wideopen, for local development. tailor your regex as needed
  9. set $cors "true";
  10. }
  11.  
  12. # apparently, the following three if statements create a flag for "compound conditions"
  13. if ($request_method = OPTIONS) {
  14. set $cors "${cors}options";
  15. }
  16.  
  17. if ($request_method = GET) {
  18. set $cors "${cors}get";
  19. }
  20.  
  21. if ($request_method = POST) {
  22. set $cors "${cors}post";
  23. }
  24.  
  25. # now process the flag
  26. if ($cors = 'trueget') {
  27. add_header 'Access-Control-Allow-Origin' "$http_origin";
  28. add_header 'Access-Control-Allow-Credentials' 'true';
  29. }
  30.  
  31. if ($cors = 'truepost') {
  32. add_header 'Access-Control-Allow-Origin' "$http_origin";
  33. add_header 'Access-Control-Allow-Credentials' 'true';
  34. }
  35.  
  36. if ($cors = 'trueoptions') {
  37. add_header 'Access-Control-Allow-Origin' "$http_origin";
  38. add_header 'Access-Control-Allow-Credentials' 'true';
  39.  
  40. add_header 'Access-Control-Max-Age' 120; # cache preflight value in seconds. 300=5 min ; 1728000==20 days
  41. add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
  42. add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
  43. #add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Accept-Error, X-CSRF-TOKEN';
  44.  
  45. add_header 'Content-Length' 0;
  46. add_header 'Content-Type' 'text/plain charset=UTF-8';
  47. return 204;
  48. }
RAW Paste Data