I want to add CORS to my reverse-proxy. Generally everything is working but I don't understand why even though reading the documentation on add_header and reading several forum entries.
In my case I have two ifs and I would assume that nginx only resolves one but I don't even understand what is happening. Because if Iam requesting the location, the preflight is fine but then the acutal request tells me:
And looking in the response headers there are actually two:
The location part follows (no these are the only calls of add_header Iam performing):
location / {
# Preflighted requests
if ($request_method ~* "(GET|PUT|POST|DELETE)" ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
proxy_pass http://<myservice>:91;
}
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
}
}
Though the funny part is, that despite having this error in the browser the payload is there and it is valid. So I can clearly deduce that these double origin thing is my problem. (Already got that and solved it but without getting why it works).
Thanks for help or clearing up my mind; I just want to get what kind of sorcery that is.
