381
Comment:
|
656
|
Deletions are marked like this. | Additions are marked like this. |
Line 16: | Line 16: |
* Nginx set cors using map to check for $http_origin match {{{ map $http_origin $cors_header { default ""; "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always"; } server { more_set_headers "Access-Control-Allow-Origin: $cors_header"; }}} |
Web security links
2018 JavaScript and XSS
CORS
- Test cors headers with
curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"
Nginx set cors using map to check for $http_origin match
map $http_origin $cors_header { default ""; "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always"; } server { more_set_headers "Access-Control-Allow-Origin: $cors_header";
...