diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2018-04-01 01:25:33 -0500 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2018-04-01 01:28:27 -0500 |
| commit | d8464b603ed3ef41e36d407dc4600b4350374099 (patch) | |
| tree | 07af808f5bdebacf4a45545260ffae06e14293cb /installation | |
| parent | 5fa8237bc1dcabca050dc5d8d9325fec649e1723 (diff) | |
| download | pleroma-d8464b603ed3ef41e36d407dc4600b4350374099.tar.gz pleroma-d8464b603ed3ef41e36d407dc4600b4350374099.zip | |
nginx: document how to enable CORS support
Diffstat (limited to 'installation')
| -rw-r--r-- | installation/pleroma.nginx | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 25f6dadff..11dc6456c 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -28,7 +28,16 @@ server { gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; location / { - add_header 'Access-Control-Allow-Origin' '*'; + # if you do not want remote frontends to be able to access your Pleroma backend + # server, remove these lines. + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always; + if ($request_method = OPTIONS) { + return 204; + } + # stop removing lines here. + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; |