Menu
I got stuck that I don't know how to enable CORS in nginx? Honestly, I've found so many solution to enable CORS in nginx and one of them is https://enable-cors.org/server_nginx.html but I've added those code inside my /etc/nginx/nginx.conf and restart nginx server. But I've tried inside postman again and following error raised by nginx.
<html>
<head>
<title>405 Not Allowed</title>
</head>
<body bgcolor="white">
<center>
<h1>405 Not Allowed</h1>
</center>
<hr>
<center>nginx/1.12.1</center>
</body>
</html>
Please let me know how to fix it. Thanks.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
root /var/www/test/app/;
# Load configuration files for the default server block.
include /etc/nginx/default/*.conf;
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
location / {
}
285
In Java servlets. Simply add a header to your HttpServletResponse by calling addHeader : response. addHeader("Access-Control-Allow-Origin", "*");
This happens if you haven't set up CORS configuration correctly. you can fix this on you'r local machine using a plugin/extension called Allow-Control-Allow-Origin and add you'r localhost into it. The other way is to manually fix the configuration in server side.
As you can tell by Access-Control-Allow-Origin * – this is wide open configuration, meaning any client will be able to access the resource. You can list specific hostnames that are allowed to access the server: add_header "Access-Control-Allow-Origin" "http://test.com, https://example.com"
This is in no way a secure solution... but this is what I have currently in my set up and it is working. Maybe you can modify it to your needs. Feel free everyone to tell me how wrong it is and maybe we can get a better solution for everyone.
location / {
dav_methods PUT DELETE MKCOL COPY MOVE;
# Preflighted requestis
if ($request_method = OPTIONS) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD, DELETE";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
# CORS WHITELIST EVERYTHING
# This is allowing everything because I am running
# locally so there should be no security issues.
if ($request_method = (GET|POST|OPTIONS|HEAD|DELETE)) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
}
try_files $uri $uri/ /index.php$is_args$args;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
