Malin / cors-support.conf

set $cors ''; if ($http_origin ~ '^https?://(localhost|www\.qrh\.app|www\.qrh\.hair|qrh\.app|qrh\.hair|stats\.wp\.com|sis-t\.redsys\.es|secure\.gravatar\.com)') { set $cors 'true'; } if ($cors = 'true') { add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always; # required to be able to read Authorization header in frontend #add_header 'Access-Control-Expose-Headers' 'Authorization' always; } if ($request_method = 'OPTIONS') { # Tell client that this pre-flight info is valid for 20 days add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; }