Allow both HTTP and HTTPS and multi domain in CORS header on nginx
- 13 Sep 2017: Post was created (diff)
Wanted to allow both HTTP and HTTPS to POST to the API of an old solution I’ve been maintaining lately. But the Access-Control-Allow-Origin only allows a single domain with strict scheme. This made me look around in the nginx docs again.
Since my site is also answering on multiple domains, this is pretty neat:
server_name example.com www.example.com;
location /api/ {
add_header Access-Control-Allow-Origin "${scheme}://${server_name}";
proxy_pass http://localhost:4242/;
}
References
- http://nginx.org/en/docs/varindex.html
- https://serverfault.com/questions/152194/merging-variable-with-string-in-config-file
If you have any comments or feedback, please send me an e-mail. (stig at stigok dotcom).
Did you find any typos, incorrect information, or have something to add? Then please propose a change to this post.