On 10.08.2018 14:38, Sathish Kumar wrote:
Is there anyway to allow CORS domain like based on Host Origin.For Options, Get and other methods.
Something like this should do what you want:
location / { include inc/cors_options.inc; ... include inc/cors_headers.inc; } ### /etc/nginx/inc/cors_options.inc if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Origin $cors_origin; add_header Access-Control-Allow-Methods OPTIONS; add_header Access-Control-Allow-Headers $http_access_control_request_headers; add_header Access-Control-Max-Age 86400; add_header Content-Type 'text/plain; charset=utf-8'; add_header Content-Length 0; return 204; } ### /etc/nginx/inc/cors_headers.inc add_header Access-Control-Allow-Credentials true always; add_header Access-Control-Allow-Origin $cors_origin always; add_header Access-Control-Allow-Methods $cors_method always; add_header Access-Control-Allow-Headers $http_access_control_request_headers always; add_header Access-Control-Max-Age 86400 always; ### /etc/nginx/sites-enabled/_map_cors_method map $http_access_control_request_method $cors_method { GET GET; HEAD HEAD; default OPTIONS; } $ cat /etc/nginx/sites-enabled/_map_cors_origin map $http_origin $cors_origin { https://domain.ru https://domain.ru; ... default ""; } _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx