I have created a folder that will be used for serving static files (CSS, images, fonts and JS etc) I will eventually CNAME the folder into a subdomain for usage on a CDN to work with my Magento 2 setup.
I want to allow ALL domains ALL access via CORS - Cross Origin Policy and I want to cache the data too. This is what I have. (I am not asking for security suggestions or tips on JSONP issues - I want global access to the file directory please)
location /cdn-directory/ {
location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|zip|gz|gzip|bz2|csv|xml)$ {
add_header Cache-Control "public";
add_header X-Frame-Options "ALLOW-FROM *";
expires +1y;
}
}
According to documentation it says X-Frame-Options
supports ALLOW-FROM uri
but cannot see examples of using *
(all domains) or adding certain multiple domains in this ALLOW-FROM
. I need to allow all domains access to my static files folder.
location /cdn-directory/ {
location ~* \.(js|css|swf|eot|ttf|otf|woff|woff2)$ {
add_header 'Cache-Control' 'public';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
expires +1y;
}
}
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments