How to enable CORS on NGINX

To enable CORS on NGINX, you need to use the add_header directive and add it to the appropriate NGINX configuration file.

For example, you can set

add_header Access-Control-Allow-Origin *;

to allow access from any domain.

Here is an example configuration snippet for NGINX, based on Wide open NGINX CORS configuration

#
# Wide-open CORS config for nginx
#

location / {
    if ($request_method = OPTIONS) {
        return 204;
    }

    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Max-Age 3600;
    add_header Access-Control-Expose-Headers Content-Length;
    add_header Access-Control-Allow-Headers Range;
}

To validate that the headers are set appropriately, you can run:

curl -I [http-end-point]

The result should contain the following line:

...
Access-Control-Allow-Origin: *
...

Additional resources:

There are a lot of examples online how to enable CORS on NGINX. Here are a few good ones:

• How do I add Access-Control-Allow-Origin in NGINX?
• Wide open NGINX CORS configuration
• Slightly tighter CORS config for NGINX