How to enable CORS in nginx?

Published on Aug. 22, 2023, 12:19 p.m.

To enable CORS in nginx, you can use the add_header directive to add the Access-Control-Allow-Origin header to the HTTP response. Here’s an example of how to set it up:

location / {
    add_header 'Access-Control-Allow-Origin' '*';
    # your other directives here
}

In this example, the Access-Control-Allow-Origin header is set to * to allow any origin to access the resources served by nginx. You can also set it to a specific domain or a list of domains to restrict access to only those domains.

Note that enabling CORS can increase the security risks for your application, so it should be done with caution. It’s recommended to restrict access to only the domains that need to access your resources and to use HTTPS for increased security.

Also, keep in mind that using the add_header directive with if statements can be tricky, as if statements aren’t recommended in location blocks. It’s better to use map or separate location blocks to handle the add_header directive for different paths or conditions.

Tags:

nginx cors

Previous

How to set up a custom error page in nginx?

Next

How to set up a reverse proxy with nginx?