Nginx CORS headers lost onnon-200 responses

Question

I have this configuration:

server {
listen 8443 ssl http2;
listen [::]:8443 ssl http2;
server_name someserver;
ssl on;
ssl_certificate /etc/letsencrypt/live/someserver/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/someserver/privkey.pem;
ssl_session_cache   shared:SSL:20m;
ssl_session_timeout 10m;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers somehash!MD5;
ssl_stapling on;
ssl_trusted_certificate /etc/letsencrypt/live/someserver/fullchain.pem;
location / {
proxy_set_header    X-Forwarded-Proto https;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass       http://127.0.0.1:8000/;
}
}

When response from :8000 is 200 OK, there is Access-Control-* headers, but when there is another response, it's lost

score 0 · Accepted Answer · answered Sep 26 '19 at 03:13

Need to add "always" on the end of add_header

add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;

Nginx CORS headers lost onnon-200 responses

1 Answers1