
@yauri-io
Forked from bramswenson/cors.nginxconf
Created September 15, 2021 19:21

Revisions

  1. @pauloricardomg pauloricardomg revised this gist Oct 21, 2013. 1 changed file with 1 addition and 1 deletion.
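--- a/cors.nginxconf
+++ b/cors.nginxconf
@@ -28,7 +28,7 @@ server {
 
 # If request comes from allowed subdomain
 # (*.mckinsey.com) then we enable CORS
-if ($http_origin ~* (https?://.*\.mckinsey\.com(:[0-9]+)?)) {
+if ($http_origin ~* (https?://.*\.mckinsey\.com(:[0-9]+)?$)) {
 set $cors "1";
 }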
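Review bot: The pattern on the changed `if` line is still not anchored at the start and uses `.*` for the host part, so it accepts more than "a subdomain of mckinsey.com": any text may precede the scheme, and `.*` matches characters that are not valid in a hostname. The first revision of the file reflects the matched value into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, so this regex is the whole allowlist. I would tighten it to `if ($http_origin ~* ^https?://([a-z0-9-]+\.)+mckinsey\.com(:[0-9]+)?$) {`. Allowing `http://` origins for a credentialed HTTPS endpoint also deserves a second look. The enclosing `location` block starts and ends outside this hunk.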

  2. @pauloricardomg pauloricardomg created this gist Oct 21, 2013.
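--- a/cors.nginxconf
+++ b/cors.nginxconf
@@ -0,0 +1,63 @@
+#
+# Acts as a nginx HTTPS proxy server
+# enabling CORS only to domains matched by regex
+# /https?://.*\.mckinsey\.com(:[0-9]+)?)/
+#
+# Based on:
+# * http://blog.themillhousegroup.com/2013/05/nginx-as-cors-enabled-https-proxy.html
+# * http://enable-cors.org/server_nginx.html
+#
+server {
+listen 443 default_server ssl;
+server_name localhost;
+
+# Fake certs - fine for development purposes :-)
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+ssl_session_timeout 5m;
+
+location / {
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# Nginx doesn't support nested If statements, so we
+# concatenate compound conditions on the $cors variable
+# and process later
+
+# If request comes from allowed subdomain
+# (*.mckinsey.com) then we enable CORS
+if ($http_origin ~* (https?://.*\.mckinsey\.com(:[0-9]+)?)) {
+set $cors "1";
+}
+
+# OPTIONS indicates a CORS pre-flight request
+if ($request_method = 'OPTIONS') {
+set $cors "${cors}o";
+}
+
+# Append CORS headers to any request from
+# allowed CORS domain, except OPTIONS
+if ($cors = "1") {
+more_set_headers 'Access-Control-Allow-Origin: $http_origin';
+more_set_headers 'Access-Control-Allow-Credentials: true';
+proxy_pass http://serverIP:serverPort;
+}
+
+# OPTIONS (pre-flight) request from allowed
+# CORS domain. return response directly
+if ($cors = "1o") {
+more_set_headers 'Access-Control-Allow-Origin: $http_origin';
+more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE';
+more_set_headers 'Access-Control-Allow-Credentials: true';
+more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept';
+add_header Content-Length 0;
+add_header Content-Type text/plain;
+return 204;
+}
+
+# Requests from non-allowed CORS domains
+proxy_pass http://serverIP:serverPort;
+}
+}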
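Review bot: Both `if ($cors = ...)` blocks echo `$http_origin` into `Access-Control-Allow-Origin`, but no `Vary: Origin` header is emitted anywhere. A shared cache in front of this proxy could therefore store a response carrying one origin's allow header and serve it to a different origin. I would add a `Vary: Origin` response header in the `location` block, for example `add_header Vary Origin;`, after checking how it combines with any `Vary` the upstream already sends. The file should also state in its header comment that `more_set_headers` requires the headers-more module, and that the snakeoil certificate paths are for development only.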