1

We have Nginx as a proxy with this header. 

nginx::server: |
     expires       modified +5m;
     large_client_header_buffers  4 32k;        
     add_header    Access-Control-Allow-Origin *;

That's the configuration from puppet so I assume that it should work for any domain. I try with cURL which I get the response correct as. 

* upload completely sent off: 406 out of 406 bytes
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< cache-control: max-age=300
< Content-Type: application/json; charset=utf-8
< Date: Mon, 08 Feb 2016 16:52:15 GMT
< Expires: Mon, 08 Feb 2016 16:57:15 GMT
< Content-Length: 542
< Connection: keep-alive

However, when I try with jQuery post I get CORS error.

jQuery.ajax('theURL', {
  contentType: 'application/json',
  method: 'POST',
  data: JSON.stringify({'json'}),
  dataType: 'json',
  crossDomain: true
})

The application is Hapi.js which is really simple as this.

var server = new Hapi.Server();
server.connection({ port: config.port });

Not sure if I'm missing anything?

toy
  • 11,711
  • 24
  • 93
  • 176
  • need to handle OPTIONS requests also which will need header. More to CORS than just one header – charlietfl Feb 08 '16 at 17:24
  • Thanks for the reply. Can you give me an example of what to include in nginx? – toy Feb 08 '16 at 17:26
  • Do you mean this ` add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';`? – toy Feb 08 '16 at 17:28
  • yes... most important that CORS headers get set on OPTIONS requests which occur before main request gets sent. I don't know nginx at all but here's an [apache/php answer](http://stackoverflow.com/a/9866124/1175966) that might help – charlietfl Feb 08 '16 at 17:30

0 Answers0