The simplest, but the least secure configuration
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *;
Use the always parameter
In some cases, Nginx did not return the header we set. For example, in 404, our custom header will not be returned.
This is because only when the response code is 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304, 307 (1.1.16, 1.0.13), or 308 (1.13.0) Respond to specific headers.
If you want to solve this problem, you need to use the always keyword:
add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Methods * always; add_header Access-Control-Allow-Headers * always;
references
Module ngx_http_headers_module/add_header
Allowing cross origin requests (CORS) on Nginx for 404 responses