The following Nginx configuration enables CORS, with support for preflight requests.
## Wide-open CORS config for nginx#
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin''*';
add_header 'Access-Control-Allow-Methods''GET, POST, OPTIONS';
## Custom headers and headers various browsers *should* be OK with but aren't#
add_header 'Access-Control-Allow-Headers''DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
## Tell client that this pre-flight info is valid for 20 days#
add_header 'Access-Control-Max-Age'1728000;
add_header 'Content-Type''text/plain; charset=utf-8';
add_header 'Content-Length'0;
return204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin''*';
add_header 'Access-Control-Allow-Methods''GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers''DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers''Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin''*';
add_header 'Access-Control-Allow-Methods''GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers''DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers''Content-Length,Content-Range';
}
}