Learn about Centmin Mod LEMP Stack today
Register Now

Nginx CORS Headers

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Matt Williams, Feb 6, 2015.

  1. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    10:13 PM
    latest
    10
    When I apply MaxCDN to any site, Font awesome ( web fonts ) disappears. I've added

    location ~ \.(js|css|png|jpg|jpeg|gif|ico|html|woff|ttf|svg|eot|otf)$ {
    add_header "Access-Control-Allow-Origin" "*";
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
    }


    In the /usr/local/nginx/conf/staticfiles.conf but it's still giving me an issue. It doesn't load the headers. It's like something is blocking it but I can't figure out what it could be. I have spent hours with MaxCDN tech support to nothing working. Hopefully someone here will have the right answer...
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:13 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe MaxCDN's own header management overriding your local headers ? Use browser's dev tool network and console tabs to troubleshoot your site's page loading :)

    Also try

    Code:
    add_header Access-Control-Allow-Origin "*";
    see How to use CDN with Webfonts | MaxCDN One and Edge Rules Recipes | MaxCDN One

    I use KeyCDN and they have option on their edge servers for CORS for this cors_enabled.png
     
    Last edited: Feb 7, 2015
  3. AKIN SENOL

    AKIN SENOL Member

    36
    3
    8
    Oct 17, 2014
    London
    Ratings:
    +8
    Local Time:
    3:13 AM
    1.9.12
    10.1.12
    I found some information in Mozilla Developer site HTTP access control (CORS) - HTTP | MDN

    I think, our nginx header conf need some Preflighted requests e.g.
    Access-Control-Request-Method: POST
    Access-Control-Request-Headers: X-PINGOTHER

    And the other Access-Control-Expose-Headers e.g.
    Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header

    And Access-Control-Allow-Credentials e.g.
    Access-Control-Allow-Credentials: true | false

    What do you think @eva2000
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:13 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    honestly not entirely sure that is needed, if CDN provider properly handles their added headers for CORS, you shouldn't need to do anything on Nginx level. I use KeyCDN and it properly provides the CORS header for CDN specially served content.
     
  5. AKIN SENOL

    AKIN SENOL Member

    36
    3
    8
    Oct 17, 2014
    London
    Ratings:
    +8
    Local Time:
    3:13 AM
    1.9.12
    10.1.12
    Last edited: Feb 25, 2015
  6. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:13 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    If you use your own CDN, then you should use your own domain name which for me would bypass any CORS restrictions I think?.

    Using CORS - HTML5 Rocks

    I've been working on and developing my own GeoDNS SPDY SSL based CDN for private use and not having such with the mini rollout I tested on some of my sites. But definitely yes we need to work this out on Nginx level if possible as clearly not all CDN providers have CORS support :)