Last active
April 24, 2025 07:36
-
-
Save cb109/5793edb63288b5df558d552c9cbbf426 to your computer and use it in GitHub Desktop.
nginx CORS header for Django media (and django-filer) resources
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Explicitly set Access-Control-Allow-Origin header for certain | |
| # responses and domains that ask for files. This helps e.g. with test | |
| # setups on the development machine and an accompanying smartphone | |
| # (assuming we point it to the machine's IP in local network, 10.33.1.XX | |
| # here), as well as production setups that involve several domains. | |
| # | |
| server { | |
| ... | |
| # django-filer has unchanging canonical URLs for any uploaded files, | |
| # but to allow fetching them from a different domain we need to setup | |
| # CORS headers explicitly, so the browser won't discard the request. | |
| location /filer/canonical { | |
| if ($http_origin ~ '^http://localhost|^http://10\.33\.1\.\d+|^https://sub\.company\.com$') { | |
| add_header Access-Control-Allow-Origin "$http_origin"; | |
| } | |
| # Proxy to the Django app running at :8000. | |
| proxy_pass http://127.0.0.1:8000; | |
| } | |
| location /media { | |
| if ($http_origin ~ '^http://localhost|^http://10\.33\.1\.\d+|^https://sub\.company\.com$') { | |
| add_header Access-Control-Allow-Origin "$http_origin"; | |
| } | |
| alias /var/www/media/; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment