server-configs-nginx/h5bp/directive-only/cross-domain-insecure.conf

16 lines
459 B
Plaintext
Raw Normal View History

# Cross domain AJAX requests
# **Security Warning**
# Do not use this without understanding the consequences.
# This will permit access from any other website.
#
add_header "Access-Control-Allow-Origin" "*";
# Instead of using this file, consider using a specific rule such as:
#
# Allow access based on [sub]domain:
# add_header "Access-Control-Allow-Origin" "subdomain.example.com";
# OR
# add_header "Access-Control-Allow-Origin" "*.example.com";