-
Notifications
You must be signed in to change notification settings - Fork 134
/
cors.conf.template
37 lines (33 loc) · 1.71 KB
/
cors.conf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
set $request_cors "${request_method}_${CORS_ENABLED}";
if ($request_cors = "OPTIONS_1") {
add_header 'Access-Control-Allow-Origin' '${CORS_ALLOWED_ORIGIN}';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
#
# Allow/deny Private Network Access CORS requests.
# https://developer.chrome.com/blog/private-network-access-preflight/
#
add_header 'Access-Control-Allow-Private-Network' '${CORS_ALLOW_PRIVATE_NETWORK_ACCESS}';
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_cors = "GET_1") {
add_header 'Access-Control-Allow-Origin' '${CORS_ALLOWED_ORIGIN}' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
if ($request_cors = "HEAD_1") {
add_header 'Access-Control-Allow-Origin' '${CORS_ALLOWED_ORIGIN}' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}