Nginx – Allowing cross origin requests (CORS) on Nginx for 404 responses

cross-domainnginx

I'm using Nginx to serve static files in response to CORS requests using the technique outlined in this question. However, when the file doesn't exist the 404 response does not contain the Access-Control-Allow-Origin: * header and so is block by the browser.

How can I send Access-Control-Allow-Origin: * on 404 responses?

Best Answer

Even though this was asked long ago, I was compiling nginx with more module, but with newer version of nginx, I found I don't have to custom compile nginx, all I needed was to add always directive.

http://nginx.org/en/docs/http/ngx_http_headers_module.html

Syntax: add_header name value [always];

If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.

So a tuned version of CORS headers:

            if ($cors = "trueget") {
                    # Tells the browser this origin may make cross-origin requests
                    # (Here, we echo the requesting origin, which matched the whitelist.)
                    add_header 'Access-Control-Allow-Origin' "$http_origin" always;

                    # Tells the browser it may show the response, when XmlHttpRequest.withCredentials=true.
                    add_header 'Access-Control-Allow-Credentials' 'true' always;
            }
Related Topic