본문 바로가기

개발/Web

Nginx CORS 활성화

# cors configuration
# whitelist of allowed domains, via a regular expression
# if ($http_origin ~* (http://localhost(:[0-9]+)?)) {
  if ($http_origin ~* .*) { # yeah, for local development. tailor your regex as needed
  set $cors "true";
}

# apparently, the following three if statements create a flag for "compound conditions"
if ($request_method = OPTIONS) {
	set $cors "${cors}options";
}

if ($request_method = GET) {
	set $cors "${cors}get";
}

if ($request_method = POST) {
	set $cors "${cors}post";
}

# now process the flag
if ($cors = 'trueget') {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';
}

if ($cors = 'truepost') {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';
}

if ($cors = 'trueoptions') {
    add_header 'Access-Control-Allow-Origin' "$http_origin";
    add_header 'Access-Control-Allow-Credentials' 'true';

    add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';

    add_header 'Content-Length' 0;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    return 204;
}
반응형

'개발 > Web' 카테고리의 다른 글

Secure Coding - SQL Injection  (0) 2021.01.08
[Javascript] 장식자(Decorator)  (0) 2020.11.16
wavesurfer events (이벤트)  (0) 2020.09.18
wavsurfer.js method(메서드)  (0) 2020.09.18
wavesurfer.js  (0) 2020.09.17