Nginx – Set Access-Control-Allow-Origin in nginx using wildcard domain

http-headersnginxSecurity

With nginx can I specify Access-Control-Allow-Origin using a wildcard like *.mydomain.com?

Would it look like:

add_header Access-Control-Allow-Origin *.mydomain.com;

Thanks.

Best Answer

You sure can. I use the following directive to support some of our cross domain fonts:

  add_header Access-Control-Allow-Origin *;

Related Solutions

Nginx – How to add Access-Control-Allow-Origin in NGINX

Nginx has to be compiled with http://wiki.nginx.org/NginxHttpHeadersModule (default on Ubuntu and some other Linux distros). Then you can do this

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

Nginx – How to make nginx support @font-face formats and allow access-control-allow-origin

Woot! Got it.. It was pretty much what I suspected in my edit, I had to basically do the regex filename check in my sole location {} instead of making an alternative one.

    location / { 
            root /www/site.org/public/;
            index index.html;

            if ($request_filename ~* ^.*?/([^/]*?)$)
            {
                set $filename $1; 
            }

            if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
                add_header Access-Control-Allow-Origin *;
            }
    }

Best Answer

Related Solutions

Nginx – How to add Access-Control-Allow-Origin in NGINX

Nginx – How to make nginx support @font-face formats and allow access-control-allow-origin

Related Topic