CORS rules coversion from Apache .htaccess to nginx

Question

Presently I have these .htaccess rules working perfectly on my Apache server:

    SetEnvIf Origin \"https://(www\\.)?(domain.c         


        

Answer 1

The simplest nginx equivalent of the Apache config in the question would be, just use add_header and wrap it all in anif block that does a regex match against $http_origin:

location / {   
  if ($http_origin ~* https://(www\.)?(domain.com|beta.domain.com|domain.loc)) {
    add_header Access-Control-Allow-Origin $http_origin;
    add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN";
    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    add_header Access-Control-Allow-Credentials true
  }
  # use $http_authorization to get the value of the Authorization request header
}

The extra RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] stuff that you need to do with Apache isn’t necessary with nginx; instead just use $http_authorization.

Note that variables in nginx that have names prefixed with $http_ are special variables:

$http_name
      arbitrary request header field; the last part of a variable name is the field name
      converted to lower case with dashes replaced by underscores

Thus $http_origin gives you the value of the Origin request header, $http_authorization gives you the value of the Authorization request header, etc.