Nginx Config for Cors - add_header directive is not allowed

MechaStorm

I am trying add CORS directive to my nginx file for as simple static HTML site. (taken from here http://enable-cors.org/server_nginx.html)

Would there be a reason why it would complain about the first add_header directive saying 'add_header" directive is not allowed here'

My config file sample

server {
    if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
        set $cors "true";
    }

    if ($request_method = 'OPTIONS') {
        set $cors "${cors}options";
    }

    if ($request_method = 'GET') {
        set $cors "${cors}get";
    }
    if ($request_method = 'POST') {
        set $cors "${cors}post";
    }

    if ($cors = "trueget") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
    }

    if ($cors = "truepost") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
    }

    if ($cors = "trueoptions") {
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
        add_header 'Content-Length' 0;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        return 204;
    }

    listen 8080;

    location / {
        root /var/www/vhosts/mysite;
    }
}
Tan Hong Tat

add_header has to be placed under either http, server, location or if in location block.

You are placing in under if in server. Move them under the location block.

server {


    listen 8080;

    location / {
        root /var/www/vhosts/mysite;

        if ($http_origin ~* (https?://[^/]*\.domain\.com(:[0-9]+)?)$) {
            set $cors "true";
        }

        if ($request_method = 'OPTIONS') {
            set $cors "${cors}options";
        }

        if ($request_method = 'GET') {
            set $cors "${cors}get";
        }
        if ($request_method = 'POST') {
            set $cors "${cors}post";
        }

        if ($cors = "trueget") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
        }

        if ($cors = "truepost") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
        }

        if ($cors = "trueoptions") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
            add_header 'Content-Length' 0;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            return 204;
        }
    }
}

Source: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

From Dev

nginx "env" directive is not allowed here

From Dev

NGINX - "server" directive is not allowed here

From Dev

Nginx add_header and cache control

From Dev

error when adding add_header to nginx

From Dev

Nginx add_header and cache control

From Dev

error when adding add_header to nginx

From Java

nginx: [emerg] "server" directive is not allowed here

From Dev

Nginx add_header Sec-WebSocket-Protocol does not work

From Dev

nginx directive is not allowed here in unicorn's example nginx.conf

From Dev

Can't Start Nginx: "server" directive is not allowed here

From Dev

Add domain to Nginx config

From Dev

nginx: [emerg] "worker_processes" directive is not allowed here in /opt/tools/nginx/conf/nginx.conf:1

From Java

Setting ssl_prefer_server_ciphers directive in nginx config

From Dev

nginx: [emerg] "location" directive is not allowed here in /etc/nginx/conf.d/default.conf:1

From Dev

"set" directive is not allowed here

From Dev

CORS 405 (Method Not Allowed)

From Dev

CORS 405 (Method Not Allowed)

From Dev

CORS Origin Request not allowed

From Dev

Set Custom Header in Nginx config and pass it to gunicorn

From Dev

Zuul Proxy CORS header contains multiple values, headers repeated twice - Java Spring Boot CORS filter config

From Dev

Is CORS request without Origin allowed?

From Dev

CORS - localhost as allowed origin in production

From Dev

Azure CORS Variable Allowed Origins

From Dev

Is CORS request without Origin allowed?

From Dev

Dealing with Origin http://localhost is not allowed by Access-Control-Allow-Origin Without CORS header

From Dev

Dealing with Origin http://localhost is not allowed by Access-Control-Allow-Origin Without CORS header

From Dev

Node JS - CORS - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response

From Dev

How to add CORS (cross origin policy) to all domains in NGINX?

From Dev

Nginx unknown directive "if($domain"

Related Related

  1. 1

    nginx "env" directive is not allowed here

  2. 2

    NGINX - "server" directive is not allowed here

  3. 3

    Nginx add_header and cache control

  4. 4

    error when adding add_header to nginx

  5. 5

    Nginx add_header and cache control

  6. 6

    error when adding add_header to nginx

  7. 7

    nginx: [emerg] "server" directive is not allowed here

  8. 8

    Nginx add_header Sec-WebSocket-Protocol does not work

  9. 9

    nginx directive is not allowed here in unicorn's example nginx.conf

  10. 10

    Can't Start Nginx: "server" directive is not allowed here

  11. 11

    Add domain to Nginx config

  12. 12

    nginx: [emerg] "worker_processes" directive is not allowed here in /opt/tools/nginx/conf/nginx.conf:1

  13. 13

    Setting ssl_prefer_server_ciphers directive in nginx config

  14. 14

    nginx: [emerg] "location" directive is not allowed here in /etc/nginx/conf.d/default.conf:1

  15. 15

    "set" directive is not allowed here

  16. 16

    CORS 405 (Method Not Allowed)

  17. 17

    CORS 405 (Method Not Allowed)

  18. 18

    CORS Origin Request not allowed

  19. 19

    Set Custom Header in Nginx config and pass it to gunicorn

  20. 20

    Zuul Proxy CORS header contains multiple values, headers repeated twice - Java Spring Boot CORS filter config

  21. 21

    Is CORS request without Origin allowed?

  22. 22

    CORS - localhost as allowed origin in production

  23. 23

    Azure CORS Variable Allowed Origins

  24. 24

    Is CORS request without Origin allowed?

  25. 25

    Dealing with Origin http://localhost is not allowed by Access-Control-Allow-Origin Without CORS header

  26. 26

    Dealing with Origin http://localhost is not allowed by Access-Control-Allow-Origin Without CORS header

  27. 27

    Node JS - CORS - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response

  28. 28

    How to add CORS (cross origin policy) to all domains in NGINX?

  29. 29

    Nginx unknown directive "if($domain"

HotTag

Archive