...

add_header 'Access-Control-Allow-Origin' '$http_origin';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Origin,Content-Type,Accept,Authorization';

location / {
    try_files $uri $uri/ /index.php$is_args$args;
        if ($request_method = 'OPTIONS') {
		add_header 'Access-Control-Allow-Origin' '$http_origin';
		add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, HEAD';
		add_header 'Access-Control-Max-Age' '1728000';
		add_header 'Access-Control-Allow-Credentials' 'true';
		add_header 'Access-Control-Allow-Headers' 'Origin,Content-Type,Accept,Authorization';
		add_header 'Content-Type' 'text/plain; charset=UTF-8';
		add_header 'Content-Length' '0';
		return 204;
	}
}

...