Nginx CORS buster. For apache check https://gist.github.com/pablorsk/97c9cdab3555e31e2ee8193e3ad7d03c

nginx.conf

add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,DELETE,PUT';
add_header 'Access-Control-Allow-Headers' 'authorization,content-type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control';

if ($request_method = 'OPTIONS') {
  add_header 'Access-Control-Max-Age' 1728000;
  
  add_header 'Access-Control-Allow-Credentials' true;
  add_header 'Content-Security-Policy' 'default-src "self"';
  
  # add_header 'Content-Type' 'text/plain; charset=utf-8';
  # add_header 'Content-Length' 0;
  return 204;
} else {
  add_header 'Access-Control-Expose-Headers' 'authorization,content-type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control';
}

z2-ngconfg-problem-with-if.conf

add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,DELETE,PUT';
add_header 'Access-Control-Allow-Headers' 'authorization,content-type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Credentials' true;
add_header 'Content-Security-Policy' 'default-src "self"';

if ($request_method = 'OPTIONS') {
    return 204;
}

z5-more-options.md

https://stackoverflow.com/questions/27955233/nginx-config-for-cors-add-header-directive-is-not-allowed?answertab=votes#tab-top

https://enable-cors.org/server_nginx.html

why have problem with if? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/