54

I'm developing an ember.js app with a laravel backend. I'm trying to return http error codes with php if something goes awry. I've noticed that when issue a PUT request and return a 400 status code, my CORS headers get ignored by my conf file which breaks my ember frontend. I have no idea why the PUT/400 code combo makes nginx ignore my conf. Any help would be much appreciated. 

 server {
  listen                *:80 ;

  server_name           userchamp.com;
  access_log            /var/log/nginx/embertest.com.access.log;

  location / {

    root  /var/www/embertest/public;
    try_files  $uri  $uri/  /index.php?$args ;
    index  index.html index.htm index.php;

  }

  location ~ \.php$ {

        if ($request_method = 'OPTIONS') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;

        return 204;
     }

     if ($request_method = 'POST') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

     }

     if ($request_method = 'PUT') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }
     if ($request_method = 'GET') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

     }

     if ($request_method = 'DELETE') {

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

     }
    root  /var/www/embertest/public;
    try_files  $uri  $uri/  /index.php?$args ;
    index  index.html index.htm index.php;
    fastcgi_index index.php;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param    APP_ENV dev;
    fastcgi_param     APP_DBG true;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
  }
}
Improve this question

1 Answer 1

Reset to default
116

For nginx >= 1.7.5

Append "always" to the header definition: 

add_header 'Access-Control-Allow-Origin' '*' always;

For nginx < 1.7.5

According to the nginx official document of ngx_header_module, the add_header can't work when response code is 400

syntax:     add_header name value;
default:    —
context:    http, server, location, if in location


Adds the specified field to a response header provided that the response code equals 
200, 201, 204, 206, 301, 302, 303, 304, or 307. A value can contain variables.

In another way, you can try the HttpHeadersMoreModule, which is more powerful.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

If you use nginx >= 1.7.5, you can add third parameter named 'always' and it will work even with error response codes.
you should add "always" to every header you want with response.stuck here...
@simon, you should've posted this as answer so it get as much upvotes.
Oh dear... It feels like the phrasing in Nginx docs "...provided that the response code equals..." is too vague without words "if", "when", and "only". For example, "...when and only when the upstream response status equals one of the following..., otherwise no header will be added." Also, what is the reasoning behind this, and why not have "always" behavior set by default? Is it so to not write down all the current default response codes in the directive parameters? Exclude some statuses?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.