6

I got stuck that I don't know how to enable CORS in nginx? Honestly, I've found so many solution to enable CORS in nginx and one of them is https://enable-cors.org/server_nginx.html but I've added those code inside my /etc/nginx/nginx.conf and restart nginx server. But I've tried inside postman again and following error raised by nginx.

<html>
    <head>
        <title>405 Not Allowed</title>
    </head>
    <body bgcolor="white">
        <center>
            <h1>405 Not Allowed</h1>
        </center>
        <hr>
        <center>nginx/1.12.1</center>
    </body>
</html>

Please let me know how to fix it. Thanks.

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  localhost;
    root         /var/www/test/app/;

    # Load configuration files for the default server block.
    include /etc/nginx/default/*.conf;

    add_header 'Access-Control-Allow-Origin' *;
    add_header 'Access-Control-Allow-Methods' 'GET, POST';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

    location / {
    }
Improve this question
6
  • Please show your nginx.conf and your request Commented Jun 1, 2018 at 19:49
  • @AlexC I've edited my question. Commented Jun 2, 2018 at 9:15
  • You missed OPTIONS into allow methods. Commented Jun 2, 2018 at 9:27
  • @AlexC still not working Commented Jun 2, 2018 at 9:40
  • @ppshein, please show your request details Commented Jun 2, 2018 at 19:15

1 Answer 1

Reset to default
6

This is in no way a secure solution... but this is what I have currently in my set up and it is working. Maybe you can modify it to your needs. Feel free everyone to tell me how wrong it is and maybe we can get a better solution for everyone.

location / {

      dav_methods PUT DELETE MKCOL COPY MOVE;

      # Preflighted requestis
      if ($request_method = OPTIONS) {
        add_header "Access-Control-Allow-Origin" *;
        add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD, DELETE";
        add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
        return 200;
      }

      # CORS WHITELIST EVERYTHING
      # This is allowing everything because I am running
      # locally so there should be no security issues.
      if ($request_method = (GET|POST|OPTIONS|HEAD|DELETE)) {
        add_header "Access-Control-Allow-Origin" *;
        add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
      }

       try_files $uri $uri/ /index.php$is_args$args;
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.