ngx_http_cors_filter_module is a an addon for nginx to dynamic generate cors(Cross-Origin Resource Sharing). Also we can use if to get the the same purpose as following:

    server {
        location / {
            if ($http_origin ~ '//(.*?\.example\.com|example\.com)$') {
                add_header 'Access-Control-Allow-Origin' "$http_origin";
                add_header 'Access-Control-Allow-Credentials' 'true';
            }
            proxy_pass xx;
        }
    }

But you know if is evil and add_header should be in location when it is in if context:(. So use cors, just do this as following:

http {
    cors //(.*?\.example\.com|example\.com)$;
}

or 

http {
    cors //example\.com$;
    cors //.*?\.example\.com$;
}

• How-To-Use
• Requirements
• Direction
• Contributing
• Author
• License

ngx_http_cors_filter_module add all the response header CORS header. For example:

http {
    cors //\.cors.com$;
    cors //.*\.cors.com$;
    cors_force on;
    cors_expose "X-My-Custom-Header, X-Another-Custom-Header";
    cors_age "360000";
    cors_method "GET, POST, OPTIONS";
    cors_header "Origin";
}

ngx_http_cors_filter requires the following to run:

• nginx or other forked version like openresty、tengine

• cors: cors codition
  Syntax: cors regex
  Default: -
  Context: main|server|location

http {
    cors //\.cors.com$;
    cors //.*\.cors.com$;
}

• cors_force: force cover reseponse header even if it have already CORS header
  Syntax: cors_force on|off
  Default: on
  Context: main|server|location

http {
    cors_force on;
    cors //\.cors.com$;
    cors //.*\.cors.com$;
}

• cors_expose: add reseponse header Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header

Syntax: cors_expose string
Default: null
Context: main|server|location

http {
    cors_expose "X-My-Custom-Header, X-Another-Custom-Header";
}

• cors_age: add reseponse header Access-Control-Max-Age: 3600

Syntax: cors_age string
Default: 3600
Context: main|server|location

http {
    cors_age "99999999";
}

• cors_method: add reseponse header Access-Control-Allow-Methods: <method>[, <method>]*

Syntax: cors_method string
Default: null
Context: main|server|location

http {
    cors_method "POST, GET, OPTIONS";
}

• cors_header: add reseponse header Access-Control-Allow-Headers: X-PINGOTHER, Content-Type

Syntax: cors_header string
Default: null
Context: main|server|location

http {
    cors_header "X-PINGOTHER, Content-Type";
}

To contribute to ngx_http_cors_filter, clone this repo locally and commit your code on a separate branch.

GitHub @detailyang

ngx_http_cors_filter is licensed under the MIT license.