Search
Search

How to add CORS (cross origin policy) to all domains in NGINX?

TheBlackBenzKid Published at Dev
13
TheBlackBenzKid

I have created a folder that will be used for serving static files (CSS, images, fonts and JS etc) I will eventually CNAME the folder into a subdomain for usage on a CDN to work with my Magento 2 setup.

I want to allow ALL domains ALL access via CORS - Cross Origin Policy and I want to cache the data too. This is what I have. (I am not asking for security suggestions or tips on JSONP issues - I want global access to the file directory please)

location /cdn-directory/ {

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "ALLOW-FROM *";
        expires +1y;
    }

}

According to documentation it says X-Frame-Options supports ALLOW-FROM uri but cannot see examples of using * (all domains) or adding certain multiple domains in this ALLOW-FROM. I need to allow all domains access to my static files folder.

bowpunya 
location /cdn-directory/ {

location ~* \.(js|css|swf|eot|ttf|otf|woff|woff2)$ {
    add_header 'Cache-Control' 'public';
    add_header 'X-Frame-Options' 'ALLOW-FROM *';
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    expires +1y;
  } 
}

http://enable-cors.org/server_nginx.html

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

From Dev

How to bypass Cross origin policy

From Dev

Cross Origin Policy error

From Dev

Unresolvable CORS issue! How to disable the same origin policy of Chrome on MacOS?

From Dev

Usefulness of Same Origin Policy with CORS

From Dev

Understanding CORS and Same origin policy

From Dev

Disabling same origin policy for Chrome for local domains

From Dev

Confusion over how Cross Origin Resource Sharing (CORS) works

From Dev

PHP & CORS (Cross-Origin): How does this work?

From Dev

nginx responds to all domains

From Dev

Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)

From Dev

Cross origin request with CORS filter

From Dev

Is CORS protection ( Same origin policy ) reliable?

From Dev

Cross Origin Resource sharing issue even when all the CORS headers are present

From Dev

"Cross-Origin Request Blocked: The Same Origin Policy" Error in browser

From Dev

"Cross-Origin Request Blocked: The Same Origin Policy" Error in browser

From Java

How to solve 'Redirect has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header'?

From Dev

CORS (cross origin resource sharing) using PHP

From Dev

Cross Origin Resource Sharing (CORS) and Javascript

From Dev

Cross-origin resource sharing (CORS) concept

From Dev

Cross Origin Resource Sharing (CORS) issue

From Dev

Cross Origin Resource Sharing (CORS) and Javascript

From Dev

Cross Origin Resource Sharing (CORS) via AJAX

From Dev

Spring Security CORS: Origin has been blocked by CORS Policy

From Dev

How To Make Cross-Origin Requests In Firefox Add-ons?

From Dev

How To Make Cross-Origin Requests In Firefox Add-ons?

From Dev

how to add Cross Origin Resource Sharing in my java fie

From Dev

Javascript window.opener.postMessage Cross Origin with multiple sub domains

From Dev

How do you enable cross-origin requests (CORS) in ASP.NET Core MVC

From Dev

How can I fix the 'Missing Cross-Origin Resource Sharing (CORS) Response Header' webfont issue?

Related Related

  1. 1

    How to bypass Cross origin policy

  2. 2

    Cross Origin Policy error

  3. 3

    Unresolvable CORS issue! How to disable the same origin policy of Chrome on MacOS?

  4. 4

    Usefulness of Same Origin Policy with CORS

  5. 5

    Understanding CORS and Same origin policy

  6. 6

    Disabling same origin policy for Chrome for local domains

  7. 7

    Confusion over how Cross Origin Resource Sharing (CORS) works

  8. 8

    PHP & CORS (Cross-Origin): How does this work?

  9. 9

    nginx responds to all domains

  10. 10

    Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)

  11. 11

    Cross origin request with CORS filter

  12. 12

    Is CORS protection ( Same origin policy ) reliable?

  13. 13

    Cross Origin Resource sharing issue even when all the CORS headers are present

  14. 14

    "Cross-Origin Request Blocked: The Same Origin Policy" Error in browser

  15. 15

    "Cross-Origin Request Blocked: The Same Origin Policy" Error in browser

  16. 16

    How to solve 'Redirect has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header'?

  17. 17

    CORS (cross origin resource sharing) using PHP

  18. 18

    Cross Origin Resource Sharing (CORS) and Javascript

  19. 19

    Cross-origin resource sharing (CORS) concept

  20. 20

    Cross Origin Resource Sharing (CORS) issue

  21. 21

    Cross Origin Resource Sharing (CORS) and Javascript

  22. 22

    Cross Origin Resource Sharing (CORS) via AJAX

  23. 23

    Spring Security CORS: Origin has been blocked by CORS Policy

  24. 24

    How To Make Cross-Origin Requests In Firefox Add-ons?

  25. 25

    How To Make Cross-Origin Requests In Firefox Add-ons?

  26. 26

    how to add Cross Origin Resource Sharing in my java fie

  27. 27

    Javascript window.opener.postMessage Cross Origin with multiple sub domains

  28. 28

    How do you enable cross-origin requests (CORS) in ASP.NET Core MVC

  29. 29

    How can I fix the 'Missing Cross-Origin Resource Sharing (CORS) Response Header' webfont issue?

HotTag

Archive