Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to add CORS (cross origin policy) to all domains in NGINX?

Tags:

cors

jsonp

nginx

font-face

magento

I have created a folder that will be used for serving static files (CSS, images, fonts and JS etc) I will eventually CNAME the folder into a subdomain for usage on a CDN to work with my Magento 2 setup.

I want to allow ALL domains ALL access via CORS - Cross Origin Policy and I want to cache the data too. This is what I have. (I am not asking for security suggestions or tips on JSONP issues - I want global access to the file directory please)

location /cdn-directory/ {

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "ALLOW-FROM *";
        expires +1y;
    }

}

According to documentation it says X-Frame-Options supports ALLOW-FROM uri but cannot see examples of using * (all domains) or adding certain multiple domains in this ALLOW-FROM. I need to allow all domains access to my static files folder.

like image 348
TheBlackBenzKid Avatar asked Feb 03 '16 10:02

TheBlackBenzKid

People also ask

How do I enable CORS policy in NGINX?

To enable CORS on NGINX, you need to use the add_header directive and add it to the appropriate NGINX configuration file. to allow access from any domain.

How do I enable CORS for specific domains?

To initiate a cross-origin request, a browser sends the request with an Origin: <domain> HTTP header, where <domain> is the domain that served the page. In response, the server sends Access-Control-Allow-Origin: <domain> , where <domain> is either a list of specific domains or a wildcard to allow all domains.

What is Access-Control allow Origin NGINX?

As you can tell by Access-Control-Allow-Origin * – this is wide open configuration, meaning any client will be able to access the resource. You can list specific hostnames that are allowed to access the server: add_header "Access-Control-Allow-Origin" "http://test.com, https://example.com"

How do I add CORS to web config?

Add CORS support to ASP.NET Web API Now webpages hosted on 'https://localhost:44310' can make AJAX requests to your controller/action. You can also define CORS globally by passing the attribute to EnableCors : var cors = new EnableCorsAttribute("https://localhost:44310", "*", "*"); config.

1 Answers

I didn't try it i nginx, but allowing the origin of current request works in tomcat:

add_header X-Frame-Options "ALLOW-FROM $http_origin";
like image 189
Serge Seredenko Avatar answered Sep 22 '22 02:09

Serge Seredenko
Sign in to Comment

Related questions

Magento: How can I display backend config settings in frontend CMS pages (or static blocks)?
Magento Checkout redirects to “Shopping cart is empty” page and clears cart in IE7 & IE8
Filtering a joined column
How To Direct Magento installation path in subfolder to main domain name
Add css to only homepage from xml in magento
Custom Magento admin config password encryption
Magento : System/Config Add Custom Value in MultiSelect
Error in magento when I try to delete a product
Magento: What is the url to the confirmation page?
Filter collection by attribute Set
How to Disable/Enable WYSIWYG editor in Magento 1.4
Add a date picker to system.xml on custom module
How to disable a remove statement from local.xml in Magento
Magento Including a CUSTOM phtml file in view.phtml
Magento override controller
Magento - Proceed to Checkout button location in theme
How can I get the Url of a product from its SKU in Magento
Magento importing images
Filter product collection on two categories Magento 1.7
Universal Analytics could not track transaction in magento

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!