How to allow access via CORS to multiple domains within nginx
I was having some issues getting SVGs to load on my website if you were viewing website.com instead of www.website.com. The website is on an nginx server, so I added this, a
-
The W3 spec on
Access-Control-Allow-Originexplains that multiple origins can be specified by a space-separated list. In practice, though, this is unlikely to be interpreted correctly by current implementations in browsers (eg fails for Firefox 45 at time of writing); summed up by this comment.To implement what you need, then the following nginx snippet will check the incoming
Originheader and adjust the response accordingly:location / { if ($http_origin ~* "^https?://(website.com|www.website.com)$") { add_header Access-Control-Allow-Origin "$http_origin"; } }Add more domains into the regular expression as required; the
s?can be removed if you want to solely supporthttp://.For note, if you're including SVGs directly on a web page via HTML (eg
, then CORS and <code>Access-Control-Allow-Origin</code> aren't required. If you're using the <code>crossorigin</code> attribute for your images (such as CORS Enabled Images), or loading via JS etc then the above is needed.</p>
<hr>
<p><strong>Original answer to adding multiple headers with the same name in nginx (CORS references removed as they were incorrect):</strong></p>
<p>You can use <code>add_header</code> multiple times in a given block:</p>
<pre><code>location / {
add_header Header-Name )
and your response will contain:
Header-Name: value Header-Name: value2add_headercan also feature variables and note that you might want to add thealwaysparameter (see http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) if you want headers to be added to all response codes, including errors.
加载中...
- 热议问题