2018-11-23 17:14:15 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
# | Cross-origin requests |
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
# Allow cross-origin requests.
|
|
|
|
#
|
|
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
|
|
|
|
# https://enable-cors.org/
|
|
|
|
# https://www.w3.org/TR/cors/
|
|
|
|
|
|
|
|
# (!) Do not use this without understanding the consequences.
|
|
|
|
# This will permit access from any other website.
|
2019-05-15 18:38:05 +02:00
|
|
|
# Instead of using this file, consider using a specific rule such as
|
|
|
|
# allowing access based on (sub)domain:
|
2018-11-23 17:14:15 +01:00
|
|
|
#
|
2019-05-15 18:38:05 +02:00
|
|
|
# add_header Access-Control-Allow-Origin "subdomain.example.com";
|
2018-11-23 17:14:15 +01:00
|
|
|
|
2019-02-10 20:46:58 +01:00
|
|
|
add_header Access-Control-Allow-Origin $cors;
|