SHARE
TWEET

Untitled

a guest Oct 21st, 2019 97 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.     # cors configuration
  2.  
  3.         if ($request_method ~* "(GET|POST)") {
  4.           add_header "Access-Control-Allow-Origin"  *;
  5.         }
  6.         # whitelist of allowed domains, via a regular expression
  7.         # if ($http_origin ~* (http://localhost(:[0-9]+)?)) {
  8.          if ($http_origin ~* .*) { # wideopen, for local development. tailor your regex as needed
  9.              set $cors "true";
  10.         }
  11.  
  12.         # apparently, the following three if statements create a flag for "compound conditions"
  13.         if ($request_method = OPTIONS) {
  14.             set $cors "${cors}options";
  15.         }
  16.  
  17.         if ($request_method = GET) {
  18.             set $cors "${cors}get";
  19.         }
  20.  
  21.         if ($request_method = POST) {
  22.             set $cors "${cors}post";
  23.         }
  24.  
  25.         # now process the flag
  26.         if ($cors = 'trueget') {
  27.             add_header 'Access-Control-Allow-Origin' "$http_origin";
  28.             add_header 'Access-Control-Allow-Credentials' 'true';
  29.         }
  30.  
  31.         if ($cors = 'truepost') {
  32.             add_header 'Access-Control-Allow-Origin' "$http_origin";
  33.             add_header 'Access-Control-Allow-Credentials' 'true';
  34.         }
  35.  
  36.         if ($cors = 'trueoptions') {
  37.             add_header 'Access-Control-Allow-Origin' "$http_origin";
  38.             add_header 'Access-Control-Allow-Credentials' 'true';
  39.  
  40.             add_header 'Access-Control-Max-Age' 120; # cache preflight value in seconds. 300=5 min ; 1728000==20 days
  41.             add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
  42.             add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
  43.             #add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Accept-Error, X-CSRF-TOKEN';
  44.  
  45.             add_header 'Content-Length' 0;
  46.             add_header 'Content-Type' 'text/plain charset=UTF-8';
  47.             return 204;
  48.         }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top