nginx CORS
, API
Syntax
add_header Access-Control-Allow-Origin *;
Parameters
| Parameters | Description | Examples | Level |
|---|---|---|---|
| Access-Control-Allow-Origin | | add_header Access-Control-Allow-Origin https://app.example.com; | Common |
| Access-Control-Allow-Methods | HTTP | add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE'; | Common |
| Access-Control-Allow-Headers | | add_header Access-Control-Allow-Headers 'Authorization, Content-Type'; | Common |
| Access-Control-Allow-Credentials | Cookie | add_header Access-Control-Allow-Credentials true; | Advanced |
Examples
CORS
```nginx
location /api/ {
    # Answer CORS preflight (OPTIONS) requests directly from nginx
    if ($request_method = OPTIONS) {
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
        add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
        add_header Access-Control-Max-Age 86400;
        return 204;
    }
    # $http_origin echoes whatever Origin the client sent, so every origin
    # is accepted, and credentials are allowed for all of them
    add_header Access-Control-Allow-Origin $http_origin;
    add_header Access-Control-Allow-Credentials true;
    proxy_pass http://backend;
}
```
()
```nginx
location /api/ {
    # Wildcard origin: any site may read these responses
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers '*';
    proxy_pass http://localhost:3000;
}
```
Common Errors
CORS headers are missing on 4xx/5xx responses: by default add_header applies only to 2xx/3xx responses, so add the always parameter: add_header .. always;
Tips
- * Allow-Origin,
- Access-Control-Allow-Credentials true * Origin
- (Max-Age) OPTIONS
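
A hardened variant of the full CORS example, added here and not part of the original page: rather than echoing $http_origin for every caller, a map admits only listed origins, and always keeps the headers on 4xx/5xx responses. The origin list, the upstream address and the variable names $cors_origin and $cors_credentials are assumptions made for this example.

```nginx
# Added example; goes in the http {} context. Origins are placeholders.
map $http_origin $cors_origin {
    default                     "";            # unlisted origin: empty value
    "https://app.example.com"   $http_origin;
    "https://admin.example.com" $http_origin;
}

# Send Allow-Credentials only when the origin passed the allowlist.
map $cors_origin $cors_credentials {
    default "";
    ~.      true;
}

upstream backend {
    server 127.0.0.1:3000;                     # assumed backend address
}

server {
    listen 80;

    location /api/ {
        # add_header is not inherited into a block that has its own
        # add_header lines, so the preflight branch repeats the full set.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      $cors_origin always;
            add_header Access-Control-Allow-Credentials $cors_credentials always;
            add_header Access-Control-Allow-Methods     'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header Access-Control-Allow-Headers     'Authorization, Content-Type' always;
            add_header Access-Control-Max-Age           86400 always;
            add_header Vary                             Origin always;
            return 204;
        }

        # nginx skips add_header when the value is empty, so an unlisted
        # origin receives no CORS headers and the browser blocks the read.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials $cors_credentials always;
        # The response differs per Origin; keep caches from mixing them.
        add_header Vary                             Origin always;
        proxy_pass http://backend;
    }
}
```

Check the result with nginx -t, then send one request with a listed Origin and one with an unlisted Origin and compare the response headers.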