antisaWiki

User Tools

Site Tools

Trace:
wiki:allowing_cors_requests

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
wiki:allowing_cors_requests [2024/10/14 10:08] – [nginx] update header values antisawiki:allowing_cors_requests [2024/10/14 14:42] (current) – [nginx] add info about Set-Cookie antisa
Line 38: Line 38:
 add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Credentials' 'true';
 add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization'; add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
-add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';+add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
  
  
Line 53: Line 53:
 } }
 </code>  </code> 
 +
 +<WRAP center round tip 60%>
 +If you are also setting a cookie, remember that it can only be set from the same domain i.e. if there's an app running under app.example.org and it sends ''Set-Cookie yummy=fe.example.com'', this won't work. You will get an error like ''Cookie “yummy” has been rejected for invalid domain.''
 +</WRAP>
  
 ====== Tested on ====== ====== Tested on ======
wiki/allowing_cors_requests.1728900503.txt.gz · Last modified: by antisa
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki