-
-
Save sbuzonas/6e2dbc1218a0be0d7ae2 to your computer and use it in GitHub Desktop.
| map $http_origin $allow_origin { | |
| default ""; | |
| "~^https?://(?:[^/]*\.)?(stevebuzonas\.(?:com|local))(?::[0-9]+)?$" "$http_origin"; | |
| } | |
| map $request_method $cors_method { | |
| default "allowed"; | |
| "OPTIONS" "preflight"; | |
| } | |
| map $cors_method $cors_max_age { | |
| default ""; | |
| "preflight" 1728000; | |
| } | |
| map $cors_method $cors_allow_methods { | |
| default ""; | |
| "preflight" "GET, POST, OPTIONS"; | |
| } | |
| map $cors_method $cors_allow_headers { | |
| default ""; | |
| "preflight" "Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since"; | |
| } | |
| map $cors_method $cors_content_length { | |
| default $initial_content_length; | |
| "preflight" 0; | |
| } | |
| map $cors_method $cors_content_type { | |
| default $initial_content_type; | |
| "preflight" "text/plain charset=UTF-8"; | |
| } | |
| add_header Access-Control-Allow-Origin $allow_origin; | |
| add_header Access-Control-Allow-Credentials 'true'; | |
| add_header Access-Control-Max-Age $cors_max_age; | |
| add_header Access-Control-Allow-Methods $cors_allow_methods; | |
| add_header Access-Control-Allow-Headers $cors_allow_headers; | |
| set $initial_content_length $sent_http_content_length; | |
| add_header 'Content-Length' ""; | |
| add_header 'Content-Length' $cors_content_length; | |
| set $initial_content_type $sent_http_content_type; | |
| add_header Content-Type ""; | |
| add_header Content-Type $cors_content_type; | |
| if ($request_method = 'OPTIONS') { | |
| return 204; | |
| } |
The / character only needs escaped in a regex if it is used at the delimiter. The nginx patterns do not use a delimiter, so escaping the character is unnecessary.
In what block - http{} , server{}, location{} - it should be included? If I include it in server or http it says 'map directive is not allowed here', if it included in location it says 'set directive is not allowed here'
@dabajabaza Did you ever figure out the answer to this? I'm trying to implement if statements for CORS, and every option I find seems to be disallowed somewhere. Likewise this one is not allowed in http, server, or location blocks...
@dabajabaza / @miend : i was able to make it work with "maps" directives outside {server} and "add_header" directives inside {server} block
maybe it helps
I typically include this in the http block. But, if you have more than one server and don't want cors configured for it, the maps need to be in http... And the add_header parts can pretty much go anywhere.
Thank you.
May need change
"~^https?://(?:[^/]*\.)?(stevebuzonas\.(?:com|local))(?::[0-9]+)?$" "$http_origin";to
"~^https?:\/\/(?:[^/]*\.)?(stevebuzonas\.(?:com|local))(?::[0-9]+)?$" "$http_origin";