3

I'm using Laravel 4 with Nginx and PHP-FPM for serving the application.

The application implements an API however and I've added some fairly open CORS rules to Nginx which seem to be working fine.

Whenever the application throws an error, Nginx doesn't seem to add the headers as part of the response. Is there any way to force this without having to install the more headers extension?

My config is as follows:

server {
    listen 80;
    server_name mediabase.local;
    root /home/vagrant/mediabase/public;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;

    add_header Access-Control-Allow-Origin "*";
    add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, HEAD, DELETE, PUT";
    add_header Access-Control-Allow-Headers "Authorization, X-Requested-With, Content-Type, Origin, Accept";
    add_header Access-Control-Allow-Credentials "true";
    add_header Access-Control-Max-Age: 86400;


    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mediabase.local-error.log error;

    error_page 404 /index.php;

    sendfile off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

    add_header Access-Control-Allow-Origin "*";
    add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, HEAD, DELETE, PUT";
    add_header Access-Control-Allow-Headers "Authorization, X-Requested-With, Content-Type, Origin, Accept";
    add_header Access-Control-Allow-Credentials "true";
    add_header Access-Control-Max-Age: 86400;

    }

    location ~ /\.ht {
        deny all;
    }
}
Bobby Sciacchitano
  • 851
  • 1
  • 10
  • 19
  • > Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. – Alexey Ten May 30 '14 at 03:37

2 Answers2

3

Nginx's docs say that add_header

Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.

As alternative to HttpHeadersMoreModule you can add headers in Laravel, here is how it can be done: https://stackoverflow.com/a/17550224

Community
  • 1
  • 1
dened
  • 4,253
  • 18
  • 34
1

Actually, the solution is quite simple. @dened is right but here how to deal with this problem that I steal from here https://coderwall.com/p/wprykg/cors-with-nginx-for-401-404-501-and-any-other-http-status 

add_header 'Access-Control-Allow-Origin' * always;

kudos to Javis V. Pérez

Phung D. An
  • 2,402
  • 1
  • 22
  • 23