Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Implementing CORS in NGINX

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 844
    Comment on it

    Allow CrossDomain Requests on NGINX Based Server

    Hi friends,
    At some point because of some requirement, we might want to hit one server's api from another server's javascript or so, and we get errors like:
    http://somedomain.com is not allowed by Access-Control-Allow-Origin.
    It is because the server doesn't allow cross domain ajax or javascript requests. To achieve this, we need to set the Access-Control-Allow-Origin: *. For allowing all the requests from remote. Here I am going to show, how you can achieve this in nginx based server.
    First thing you need to do is login into your server, and open the nginx.conf file. By default the nginx.conf file usually appears to be at /opt/nginx/conf/nginx.conf. But it may be at different place in your system. So just open that using vim or normal sudo nano command like this:

    	>> sudo nano /opt/nginx/conf/nginx.conf
    


    On doing so you will get an nginx configuration file and there inside the location you need to place this code:

    #
    # Wide-open CORS config for nginx
    #
    location / {
         if ($request_method = 'OPTIONS') {
            #
            # Allowing all remote sources
            #
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            #
            # Set the access control max age here it is
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
         }
         if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
         }
         if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
         }
    }
    

    You can also modify methods in it, if you want to allow only specific requests or a specific remote IP, you can change that. After that save this configuration by CTRL + X, followed by Y.
    Hope you like reading this blog. For more like this. Click here

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: