Nginx – How to add Access-Control-Allow-Origin in NGINX

corsnginx

How do I set the Access-Control-Allow-Origin header so I can use web-fonts from my subdomain on my main domain?

Notes:

You'll find examples of this and other headers for most HTTP servers in the HTML5BP Server Configs projects https://github.com/h5bp/server-configs

Best Answer

Nginx has to be compiled with http://wiki.nginx.org/NginxHttpHeadersModule (default on Ubuntu and some other Linux distros). Then you can do this

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

Related Solutions

Nginx – How to make nginx support @font-face formats and allow access-control-allow-origin

Woot! Got it.. It was pretty much what I suspected in my edit, I had to basically do the regex filename check in my sole location {} instead of making an alternative one.

    location / { 
            root /www/site.org/public/;
            index index.html;

            if ($request_filename ~* ^.*?/([^/]*?)$)
            {
                set $filename $1; 
            }

            if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
                add_header Access-Control-Allow-Origin *;
            }
    }

Debian – Access-Control-Allow-Origin “*” not allowed when credentials flag is true

This error is returned by your browser.

Basically means you just can't do that.

CORS related headers should not be set in Apache (in your case)

Generate that in your NodeJS application with specified domain:port, not wildcard.

I don't know NodeJS. In php you can use

header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_ORIGIN']);

to simulate wildcard.

Best Answer

Related Solutions

Nginx – How to make nginx support @font-face formats and allow access-control-allow-origin

Debian – Access-Control-Allow-Origin “*” not allowed when credentials flag is true

Related Topic