NGINX add_header, adding multiple headers

Well, yes, nginx is combining the identically named headers.. but it's doing so in accordance with the HTTP spec. See section 4.2.

The header:

Access-Control-Allow-Origin: http://dev.anuary.com, https://dev.anuary.com

Is, according to the HTTP/1.1 spec, functionally equivalent to:

Access-Control-Allow-Origin: http://dev.anuary.com
Access-Control-Allow-Origin: https://dev.anuary.com

If you have a system or application that is capable of reading one format and not the other, then it's the problem. nginx is doing it right.

EDIT:

The Mozilla documentation states that there can only be one Access-Control-Allow-Origin header.

The formatting of it (see here) should be a space-delimited list of origins:

add_header Access-Control-Allow-Origin "http://dev.anuary.com https://dev.anuary.com";

But really, you're supposed to be echoing the Origin header supplied by the client instead of generating one out of the blue. This is probably more appropriate:

if ($http_origin ~* "^https?://dev\.anuary\.com$" ) {
    add_header Access-Control-Allow-Origin $http_origin;
}

I was facing the same issue as multiple sub domains in my network trying to access resources and nginx was not setup properly. Here is how I fixed it.

add_header Access-Control-Allow-Origin https://*.your-domain-name.com;

I hope this helps.