Multi-Prefix (CORS Header)

WiiLF

1/3/24, 8:42 PM

How can I make this so it handles both https/http?

add_header Access-Control-Allow-Origin "https://sub.example.com";

What is happening, is specific resources rely on http traffic (//api.example.com), therefor throwing a CORS error in Chrome Console. HTTPS is forced in 3 directions, starting with DNS.

So I have no idea why its doing this. This is basically failing most of the time, when this header contains valid parameters. I notice its "sometimes" going over HTTP so the rest is expected behavior, however due to the forced HTTPS rules on both DNS and NGINX.. I can personally confirm. I just dont get it.

We know we want 100% SSL in all cases. It just does not maintain this behavior.

Any solution or a mapping solution to coordinate this for both prefixes? Thanks.

Perhaps this is the consequence of escaping prefixes in JS for reason of readability. Can anyone confirm this in their own projects/questions?

//sub.example.com - Unexpected, SSL "most of the time".

https://sub.example.com - Enforced - Working

http://sub.example.com - Auto-HTTPS (Impossible to stay on HTTP now matter how hard I try)

0 + 0

security

nginx

headers

cors

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Multi-Prefix (CORS Header)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.