server-configs-nginx/h5bp/directive-only/cross-domain-insecure.conf

# Cross domain AJAX requests

# https://www.w3.org/TR/cors/#access-control-allow-origin-response-header

# **Security Warning**
# Do not use this without understanding the consequences.
# This will permit access from any other website.
#
add_header "Access-Control-Allow-Origin" "*";

# Instead of using this file, consider using a specific rule such as:
#
# Allow access based on [sub]domain:
#    add_header "Access-Control-Allow-Origin" "subdomain.example.com";
apply cross-domain changes proposed in #23 closes #23 2014-04-08 12:13:29 +02:00			`# Cross domain AJAX requests`

Switch to `https` when possible 2018-11-23 13:15:44 +01:00			`# https://www.w3.org/TR/cors/#access-control-allow-origin-response-header`
Don't use invalid examples A wildcard subdomain isn't valid syntax for a ACAO header 2015-05-29 15:32:23 +02:00
apply cross-domain changes proposed in #23 closes #23 2014-04-08 12:13:29 +02:00			`# Security Warning`
Fix typo Close h5bp/server-configs-nginx#48. 2014-06-26 19:55:57 +02:00			`# Do not use this without understanding the consequences.`
apply cross-domain changes proposed in #23 closes #23 2014-04-08 12:13:29 +02:00			`# This will permit access from any other website.`
			`#`
			`add_header "Access-Control-Allow-Origin" "*";`

			`# Instead of using this file, consider using a specific rule such as:`
			`#`
			`# Allow access based on [sub]domain:`
			`# add_header "Access-Control-Allow-Origin" "subdomain.example.com";`