mozillazg · January 15, 2016 11:20 · Jan 15, 2016 · Nov 6, 2013 · Nov 6, 2013
diff --git a/nginx-nodejs-cors b/nginx-nodejs-cors
@@ -6,7 +6,7 @@ server {
 
         location / {
 
-            if ($http_origin ~* (https?://.*\.example\.com(:[0-9]+)?)) {
+            if ($http_origin ~* "https?://.*\.example\.com(:[0-9]+)?") {
                 set $cors "true";
             }
 

diff --git a/nginx-nodejs-cors b/nginx-nodejs-cors
@@ -1,22 +1,3 @@
-server {
-    listen 80;
-    server_name example.com www.example.com;
-    root /var/example;
-
-    #ssl on;
-    #ssl_certificate /etc/nginx/ssl/wildcard.crt;
-    #ssl_certificate_key /etc/nginx/ssl/wildcard.key;
-
-    access_log /var/log/nginx/example.log;
-    error_log /var/log/nginx/example.error.log warn;
-
-    location / {
-        add_header 'Access-Control-Allow-Origin' "http://example.com";
-        add_header 'Access-Control-Allow-Credentials' 'true';
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-    }
-}
-
 server {
         listen 80;
 
@@ -25,7 +6,9 @@ server {
 
         location / {
 
-            set $cors "true";
+            if ($http_origin ~* (https?://.*\.example\.com(:[0-9]+)?)) {
+                set $cors "true";
+            }
 
             if ($request_method = 'OPTIONS') {
                 set $cors "${cors}options";  

diff --git a/nginx-nodejs-cors b/nginx-nodejs-cors
@@ -0,0 +1,71 @@
+server {
+    listen 80;
+    server_name example.com www.example.com;
+    root /var/example;
+
+    #ssl on;
+    #ssl_certificate /etc/nginx/ssl/wildcard.crt;
+    #ssl_certificate_key /etc/nginx/ssl/wildcard.key;
+
+    access_log /var/log/nginx/example.log;
+    error_log /var/log/nginx/example.error.log warn;
+
+    location / {
+        add_header 'Access-Control-Allow-Origin' "http://example.com";
+        add_header 'Access-Control-Allow-Credentials' 'true';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    }
+}
+
+server {
+        listen 80;
+
+        server_name subdomain.example.com;
+        access_log /var/log/nginx/example.access.log;
+
+        location / {
+
+            set $cors "true";
+
+            if ($request_method = 'OPTIONS') {
+                set $cors "${cors}options";  
+            }
+
+            if ($request_method = 'GET') {
+                set $cors "${cors}get";  
+            }
+            if ($request_method = 'POST') {
+                set $cors "${cors}post";
+            }
+
+            if ($cors = "trueget") {
+                add_header 'Access-Control-Allow-Origin' "$http_origin";
+                add_header 'Access-Control-Allow-Credentials' 'true';
+            }
+
+            if ($cors = "truepost") {
+                add_header 'Access-Control-Allow-Origin' "$http_origin";
+                add_header 'Access-Control-Allow-Credentials' 'true';
+            }
+
+            if ($cors = "trueoptions") {
+                add_header 'Access-Control-Allow-Origin' "$http_origin";
+                add_header 'Access-Control-Allow-Credentials' 'true';
+                add_header 'Access-Control-Max-Age' 1728000;
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+                add_header 'Content-Length' 0;
+                add_header 'Content-Type' 'text/plain charset=UTF-8';
+                return 204;
+            }
+
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_pass_header Set-Cookie;
+            proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
+            proxy_pass http://127.0.0.1:8675;
+            proxy_redirect off;
+        }
+}