From d8464b603ed3ef41e36d407dc4600b4350374099 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Sun, 1 Apr 2018 01:25:33 -0500
Subject: [PATCH] nginx: document how to enable CORS support

---
 installation/pleroma.nginx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index 25f6dadff..11dc6456c 100644
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -28,7 +28,16 @@ server {
     gzip_http_version 1.1;                                                                                                                
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;      
     location / {
-        add_header 'Access-Control-Allow-Origin' '*';
+        # if you do not want remote frontends to be able to access your Pleroma backend
+        # server, remove these lines.
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
+        if ($request_method = OPTIONS) {
+            return 204;
+        }
+        # stop removing lines here.
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";