diff --git a/nginx/nginx/sites-available/cdn.conf b/nginx/nginx/sites-available/cdn.conf
index 718c06a..4cf6e5c 100644
--- a/nginx/nginx/sites-available/cdn.conf
+++ b/nginx/nginx/sites-available/cdn.conf
@@ -18,7 +18,18 @@ server {
 return 301 $scheme://$host/avatars/$1;
 }
+ # Handle CORS preflight requests without the "if is evil" pattern.
 location / {
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin "*" always;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+ add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
+ add_header Access-Control-Max-Age 86400 always;
+ add_header Content-Type "text/plain; charset=utf-8";
+ add_header Content-Length 0;
+ return 204;
+ }
+
 proxy_pass https://nhcarrigan.hel1.your-objectstorage.com;
 proxy_set_header Host nhcarrigan.hel1.your-objectstorage.com;
@@ -32,22 +43,12 @@ server {
 proxy_set_header x-amz-date "";
 proxy_set_header x-amz-security-token "";
- add_header X-Debug-Cdn "Proxy-Active" always;
-
 proxy_hide_header Access-Control-Allow-Origin;
+ add_header X-Debug-Cdn "Proxy-Active" always;
 add_header Access-Control-Allow-Origin "*" always;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+ add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
 add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
-
- if ($request_method = 'OPTIONS') {
- add_header Access-Control-Allow-Origin "*" always;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
- add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
- add_header Content-Type "text/plain; charset=utf-8";
- add_header Content-Length 0;
- return 204;
- }
 }
 include /etc/nginx/snippets/deny-dotfiles.conf;
 }
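Review bot: In the first hunk (`@@ -18,7 +18,18 @@`), the preflight block attaches `Content-Length: 0` and a `Content-Type` to a `return 204`. HTTP (RFC 9110, section 8.6) says a server must not send Content-Length on a 204, and there is no body for the Content-Type to describe. Both `add_header Content-Type "text/plain; charset=utf-8";` and `add_header Content-Length 0;` can be dropped. The new comment also says the `if` pattern is avoided, yet the block is still an `if` inside `location /`; something like `# CORS preflight: answer OPTIONS here; the if block only sets headers and returns 204.` would describe it accurately. Because the block declares its own `add_header` lines, headers set at an outer level are not inherited by the 204 response, so any server-wide security headers (not visible in this hunk) would be missing from it.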
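Review bot: In the second hunk (`@@ -32,22 +43,12 @@`), removing POST from `Access-Control-Allow-Methods` only changes what browsers are told during CORS negotiation. Nothing visible here stops a POST, PUT or DELETE from being proxied to the object-storage upstream. If this CDN is meant to be read-only, enforce that in the location itself, for example `limit_except GET OPTIONS { deny all; }` (allowing GET also allows HEAD). The lines of `location /` between the two hunks are outside the diff, so a method restriction may already exist there. It would also help to put a one-line comment above the CORS headers saying the advertised methods are informational and where enforcement lives.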