{% if nginx_cors_extended_rules %} if ($request_method = 'OPTIONS') { {% if nginx_cors_limit_origin %} add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; # # Custom headers and headers various browsers *should* be OK with but aren't # add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; # # Tell client that this pre-flight info is valid for 20 days # add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } if ($request_method = 'POST') { {% if nginx_cors_limit_origin %} add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; } if ($request_method = 'GET') { {% if nginx_cors_limit_origin %} add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; } {% else %} {% if nginx_cors_limit_origin %} add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} if ($request_method = OPTIONS ) { return 204; } add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}'; {% endif %}