Access-Control-Allow-Origin header is not include in response when using a POST request

Question

I have the following in my nginx config:

location / {
    # CORS
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST' always;

    proxy_pass http://localhost:8080/guacamole/;  # systemd: tomcat9
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_cookie_path /guacamole/ /;
    access_log off;
}

When I send a POST request to the server, the Access-Control-Allow-Origin header is not present in the response. It is, however, when I send a GET request. Any ideas why?

score 0 · Accepted Answer · answered Apr 08 '20 at 21:48

I seems that the proxy was overriding the Access-Control-Allow-Origin header in the response. I fixed this by adding always:

    # CORS
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST' always;

Access-Control-Allow-Origin header is not include in response when using a POST request

1 Answers1