I'm running into a weird problem with nginx and how it evaluates conditionals.
Here's the relevant configuration:
    set $cors FALSE;
    if ($http_origin ~* (http://example.com|http://dev.example.com:8000|http://dev2.example.com)) {
        set $cors TRUE;
    }
    if ($request_method = 'OPTIONS') {
        set $cors $cors$request_method;
    }
    if ($cors = 'TRUE') {
        add_header 'Access-Test' "$cors";
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Methods' 'POST, OPTIONS';
        add_header 'Access-Control-Max-Age' '1728000';
    }
    if ($cors = 'TRUEOPTIONS') {
        add_header 'Access-Test' "$cors";
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        add_header 'Access-Control-Allow-Methods' 'POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'X-Requested-With, X-Prototype-Version';
        add_header 'Access-Control-Max-Age' '1728000';
        add_header 'Content-Type' 'text/plain';
    }
So, the conditional blocks never trigger.
When I remove the conditions, I see that the "Access-Test" header and the "Access-Control-Allow-Origin" header are set correctly, but, as noted, enabling the conditionals causes the headers not to be sent.
I'm testing by running:
    curl -Iv -i --request "OPTIONS" -H "Origin: http://example.com" http://staging.example.com/
Am I missing something obvious? I've tried the "if" with and without quotes, etc.
This is nginx 1.2.9.
OK, I apparently needed to add explicit "return" statements in the conditional blocks before the add_header lines will trigger properly.
So, something like:
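Separately from the fix above, an added example (not part of the original post) that replays the `set $cors` steps from the question in Python and compares which Origin values the question's pattern would echo into `Access-Control-Allow-Origin` against an anchored variant. The anchored pattern, the function names and the sample origins are assumptions made for this illustration; nginx `~*` is modelled as a case-insensitive, unanchored regex search.

```python
import re

# Pattern copied from the question's first `if` (unanchored, dots unescaped).
QUESTION_PATTERN = r"(http://example.com|http://dev.example.com:8000|http://dev2.example.com)"
# Assumed hardened variant: anchored at both ends, dots escaped.
ANCHORED_PATTERN = r"^http://(example\.com|dev\.example\.com:8000|dev2\.example\.com)$"


def cors_flag(pattern, origin, method):
    """Replay the config's `set $cors` steps and return the final value."""
    cors = "FALSE"
    # A missing Origin header is an empty variable in nginx and never matches.
    if origin is not None and re.search(pattern, origin, re.IGNORECASE):
        cors = "TRUE"
    if method == "OPTIONS":
        cors += method  # set $cors $cors$request_method;
    return cors


def reflected_origin(pattern, origin, method):
    """Origin the config would echo in Access-Control-Allow-Origin, or None."""
    if cors_flag(pattern, origin, method) in ("TRUE", "TRUEOPTIONS"):
        return origin
    return None


# Constructed Origin values; the .test host is a placeholder.
SAMPLES = [
    "http://example.com",
    "http://dev.example.com:8000",
    "http://example.com.other.test",  # allowed host used as a prefix
    "http://dev2.exampleXcom",        # unescaped dot matches any character
    "https://example.com",            # scheme not in the allowlist
]


def compare(method="POST"):
    """Return (origin, echoed by question pattern, echoed by anchored pattern)."""
    return [
        (o,
         reflected_origin(QUESTION_PATTERN, o, method) is not None,
         reflected_origin(ANCHORED_PATTERN, o, method) is not None)
        for o in SAMPLES
    ]


if __name__ == "__main__":
    for origin, loose, strict in compare():
        print(f"{origin:32} question={loose!s:5} anchored={strict}")
```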