ngx_http_cors_filter_module is a an addon for nginx to dynamic generate cors(Cross-Origin Resource Sharing). Also we can use if to get the the same purpose as following:
server {
location / {
if ($http_origin ~ '//(.*?\.example\.com|example\.com)$') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
}
proxy_pass xx;
}
}
But you know if is evil and add_header should be in location when it is in if context:(. So use cors, just do this as following:
http {
cors //(.*?\.example\.com|example\.com)$;
}
or
http {
cors //example\.com$;
cors //.*?\.example\.com$;
}
ngx_http_cors_filter_module add all the response header CORS header. For example:
http {
cors //\.cors.com$;
cors //.*\.cors.com$;
cors_force on;
cors_expose "X-My-Custom-Header, X-Another-Custom-Header";
cors_age "360000";
cors_method "GET, POST, OPTIONS";
cors_header "Origin";
}
ngx_http_cors_filter requires the following to run:
- cors: cors codition
Syntax: cors regex
Default: -
Context: main|server|location
http {
cors //\.cors.com$;
cors //.*\.cors.com$;
}
- cors_force: force cover reseponse header even if it have already CORS header
Syntax: cors_force on|off
Default: on
Context: main|server|location
http {
cors_force on;
cors //\.cors.com$;
cors //.*\.cors.com$;
}
- cors_expose: add reseponse header
Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header
Syntax: cors_expose string
Default: null
Context: main|server|location
http {
cors_expose "X-My-Custom-Header, X-Another-Custom-Header";
}
- cors_age: add reseponse header
Access-Control-Max-Age: 3600
Syntax: cors_age string
Default: 3600
Context: main|server|location
http {
cors_age "99999999";
}
- cors_method: add reseponse header
Access-Control-Allow-Methods: <method>[, <method>]*
Syntax: cors_method string
Default: null
Context: main|server|location
http {
cors_method "POST, GET, OPTIONS";
}
- cors_header: add reseponse header
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Syntax: cors_header string
Default: null
Context: main|server|location
http {
cors_header "X-PINGOTHER, Content-Type";
}
To contribute to ngx_http_cors_filter, clone this repo locally and commit your code on a separate branch.
GitHub @detailyang
ngx_http_cors_filter is licensed under the MIT license.