Score:0

add CORS policy on NGINX server

bz flag

I'm having difficulties adding a CORS policy to my NGINX server. I have pointed the DNS server to the server, but the problem is that the CORS policy is not working. When accessing subdomain.domain.com everything works fine, but the problem is in the location block: domain/path is giving a CORS policy error. Any way to fix this?

no font @has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Score:0
za flag

Well, you received one answer already - better than nothing, but in my opinion its code can only be used as an initial iteration.

The code below, which I'm not the original author of (it was found as a gist on GitHub), is way better at handling CORS, and is especially nice for not using wildcards. It still has some places to polish, but I'm using it.

    set $cors '';
    # Extend the list of CORS-whitelisted domains by adding more alternatives.
    # The pattern ends with an optional port and `$` so that only these hosts
    # and their subdomains match, not longer hostnames that merely start with them.
    if ($http_origin ~ '^https?://(foo\.bar|.+\.foo\.bar|fou\.baar|.+\.fou\.baar)(:[0-9]+)?$') {
        set $cors T;
    }

    # Append "O" for preflight requests, so $cors ends up as 'O' or 'TO'
    if ($request_method = 'OPTIONS') {
        set $cors "${cors}O";
    }

    # Whitelisted origin, regular (non-preflight) request
    if ($cors = 'T') {
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        # Single merged header list (was two overlapping add_header lines)
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;

        #add_header 'Access-Control-Expose-Headers' 'Authorization' always;
    }

    # Preflight from an origin that is not whitelisted: answer without CORS headers
    if ($cors = 'O') {
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
    }

    # Preflight from a whitelisted origin
    if ($cors = 'TO') {
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;

        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
    }
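
An added example, not part of the answer above or of the gist it quotes: a Python check that runs an origin allow-list pattern with no end anchor, and one closed by an optional port and `$`, against constructed `Origin` values and compares each decision with a parsed-hostname check. The `ANCHORED` pattern, the sample origins and the function names are assumptions made for this illustration; `re.search` is used because nginx's `~` operator also matches anywhere in the string.

```python
import re
from urllib.parse import urlsplit

# Allow-list pattern with no end anchor: a matching prefix is enough to pass.
UNANCHORED = r'^http[s]*?://(foo\.bar|.+\.foo\.bar|fou\.baar|.+\.fou\.baar)'
# Same alternatives, closed with an optional port and an end anchor (assumed fix).
ANCHORED = r'^https?://(foo\.bar|.+\.foo\.bar|fou\.baar|.+\.fou\.baar)(:[0-9]+)?$'

TRUSTED = ("foo.bar", "fou.baar")  # placeholder domains used on the page

# Constructed Origin header values (not taken from any real traffic)
SAMPLE_ORIGINS = [
    "https://foo.bar",
    "http://app.foo.bar",
    "https://api.fou.baar:8443",
    "https://foo.bar.attacker.example",
    "https://app.foo.bar.attacker.example",
    "https://notfoo.bar",
    "null",
]

def host_is_trusted(origin, trusted=TRUSTED):
    """Structured check: parse the host and compare it to the trusted domains."""
    try:
        parts = urlsplit(origin)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit(pattern, origins=SAMPLE_ORIGINS):
    """Return the origins on which the regex and the structured check disagree."""
    rx = re.compile(pattern)
    over, under = [], []
    for origin in origins:
        allowed = rx.search(origin) is not None
        if allowed and not host_is_trusted(origin):
            over.append(origin)    # regex would reflect an untrusted origin
        elif not allowed and host_is_trusted(origin):
            under.append(origin)   # regex would block a trusted origin
    return {"over_permissive": over, "over_strict": under}

if __name__ == "__main__":
    for name, pattern in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, audit(pattern))
```

Because the config reflects `$http_origin` together with `Access-Control-Allow-Credentials: true`, any entry under `over_permissive` is an origin that would be allowed to read credentialed responses.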
Score:0
br flag

You'll find a lot of information on how to enable CORS on nginx with configuration examples and a lot of background information here: https://enable-cors.org/server_nginx.html
