add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Methods 'POST,GET,PUT,PATCH,OPTIONS,DELETE'; add_header Access-Control-Max-Age '3600'; add_header Access-Control-Allow-Headers $http_access_control_request_headers; add_header Access-Control-Allow-Credentials 'true'; if ($request_method = 'OPTIONS') { return 200; }