Malin revised this gist . Go to revision
1 file changed, 22 insertions
cors-support.conf(file created)
| @@ -0,0 +1,22 @@ | |||
| 1 | + | set $cors ''; | |
| 2 | + | if ($http_origin ~ '^https?://(localhost|www\.qrh\.app|www\.qrh\.hair|qrh\.app|qrh\.hair|stats\.wp\.com|sis-t\.redsys\.es|secure\.gravatar\.com)') { | |
| 3 | + | set $cors 'true'; | |
| 4 | + | } | |
| 5 | + | ||
| 6 | + | if ($cors = 'true') { | |
| 7 | + | add_header 'Access-Control-Allow-Origin' "$http_origin" always; | |
| 8 | + | add_header 'Access-Control-Allow-Credentials' 'true' always; | |
| 9 | + | add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; | |
| 10 | + | add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always; | |
| 11 | + | # required to be able to read Authorization header in frontend | |
| 12 | + | #add_header 'Access-Control-Expose-Headers' 'Authorization' always; | |
| 13 | + | } | |
| 14 | + | ||
| 15 | + | if ($request_method = 'OPTIONS') { | |
| 16 | + | # Tell client that this pre-flight info is valid for 20 days | |
| 17 | + | add_header 'Access-Control-Max-Age' 1728000; | |
| 18 | + | add_header 'Content-Type' 'text/plain charset=UTF-8'; | |
| 19 | + | add_header 'Content-Length' 0; | |
| 20 | + | return 204; | |
| 21 | + | } | |
| 22 | + | ||
Newer
Older