I am hoping to get some guidance on sending Access-Control-Allow-Origin for multiple domains. The answer I have temporarily settled on is this:
location /somelocation/ {
try_files $uri $uri/ @rewrite;
expires 1h;
if ($http_origin ~ "^(https://www.cors.domain1.com|https://www.cors.domain2.com)") {
add_header 'Access-Control-Allow-Origin' $http_origin;
}
add_header 'Access-Control-Allow-Origin' 'https://www.cors.domain1.com';
}
(There are some more options but that information is not really relevant to my question)
I was reading that if statements can be a bad thing in a Location Block and a co-worker said that he thought this would get processed for EVERY call (even if it doesn't match the location). This seems like a common use case to me and I was wondering if this was the correct way to handle it or if there is a better/correct way to do it.
Thanks.
location /somelocation/ {
try_files $uri $uri/ @rewrite;
expires 1h;
if ($http_origin ~ "^(https://www.cors.domain1.com|https://www.cors.domain2.com)") {
add_header 'Access-Control-Allow-Origin' $http_origin;
}
add_header 'Access-Control-Allow-Origin' 'https://www.cors.domain1.com';
}
(There are some more options but that information is not really relevant to my question)
I was reading that if statements can be a bad thing in a Location Block and a co-worker said that he thought this would get processed for EVERY call (even if it doesn't match the location). This seems like a common use case to me and I was wondering if this was the correct way to handle it or if there is a better/correct way to do it.
Thanks.