nginx CORS writing headers for all methods

nginx_cors.conf

set $cors '';

if ($http_origin ~* (https?://.*\.foobar\.com(:[0-9]+)?)) {
    set $cors "true";
}

if ($request_method = 'OPTIONS') {
    set $cors "${cors}options";  
}

if ($request_method = 'GET') {
    set $cors "${cors}get";  
}

if ($request_method = 'POST') {
    set $cors "${cors}post";
}

if ($request_method = 'PUT') {
    set $cors "${cors}put";
}

if ($request_method = 'DELETE') {
    set $cors "${cors}delete";
}

if ($cors = "trueget") {
    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
}

if ($cors = "truepost") {
    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
}

if ($cors = "trueput") {
    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
}

if ($cors = "truedelete") {
    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
}

if ($cors = "trueoptions") {
    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since' always;
    add_header 'Content-Length' 0;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    return 204;
}