Welcome! Log In Create A New Profile

Advanced

Multiple Domain CORS

Posted by Sathish Kumar 
Sathish Kumar
Multiple Domain CORS
August 10, 2018 01:40PM
Hi All,

I would like to use cloudfront.net content inside my webapp and its
throwing Access-Control-Allow-Origin error and have added the header for
single host on Nginx to make it work now.

The problem is we have multiple environments which is trying to do the same
and I have to whitelisted all domains. I don't want to add '*'. Chrome is
throwing error and not accepting multiple values.

Is there anyway to allow CORS domain like based on Host Origin.For Options,
Get and other methods.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Andrey Oktyabrskiy
Re: Multiple Domain CORS
August 10, 2018 02:20PM
On 10.08.2018 14:38, Sathish Kumar wrote:
> Is there anyway to allow CORS domain like based on Host Origin.For
> Options, Get and other methods.
Something like this should do what you want:

location / {
include inc/cors_options.inc;
...
include inc/cors_headers.inc;
}

### /etc/nginx/inc/cors_options.inc
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin $cors_origin;
add_header Access-Control-Allow-Methods OPTIONS;
add_header Access-Control-Allow-Headers
$http_access_control_request_headers;
add_header Access-Control-Max-Age 86400;

add_header Content-Type 'text/plain; charset=utf-8';
add_header Content-Length 0;

return 204;
}

### /etc/nginx/inc/cors_headers.inc
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods $cors_method always;
add_header Access-Control-Allow-Headers
$http_access_control_request_headers always;
add_header Access-Control-Max-Age 86400 always;

### /etc/nginx/sites-enabled/_map_cors_method
map $http_access_control_request_method $cors_method {
GET GET;
HEAD HEAD;
default OPTIONS;
}

$ cat /etc/nginx/sites-enabled/_map_cors_origin
map $http_origin $cors_origin {
https://domain.ru https://domain.ru;
...
default "";
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Andrey Oktyabrskiy
Re: Multiple Domain CORS
August 10, 2018 02:50PM
On 10.08.2018 15:17, Andrey Oktyabrskiy wrote:
> ### /etc/nginx/inc/cors_options.inc
> if ($request_method = 'OPTIONS') {
>   add_header Access-Control-Allow-Credentials        true;
>   add_header Access-Control-Allow-Origin     $cors_origin;
>   add_header Access-Control-Allow-Methods    OPTIONS;

- add_header Access-Control-Allow-Methods OPTIONS;
+ add_header Access-Control-Allow-Methods $cors_method;
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login