# ----------------------------------------------------------------------
# | Cross-origin requests                                              |
# ----------------------------------------------------------------------

# Allow cross-origin requests.
#
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
# https://enable-cors.org/
# https://www.w3.org/TR/cors/

# (!) Do not use this without understanding the consequences.
#     This will permit access from any other website.
#     Instead of using this file, consider using a specific rule such as
#     allowing access based on (sub)domain:
#
#         add_header Access-Control-Allow-Origin "subdomain.example.com";

add_header Access-Control-Allow-Origin $cors;