xutil.dev
Login

CORS Policy Generator

Build Cross-Origin Resource Sharing policies interactively. Generate CORS configuration code for Nginx, Apache, Express, Django, Spring Boot, and more

Related Categories:Web
Presets
Allowed Origins

Wildcard (*) allows access from all origins. It is recommended to specify specific origins in production.

Allowed Methods
Allowed Headers
AcceptX-Requested-WithX-API-KeyX-CSRF-TokenCache-ControlIf-None-Match
Content-TypeAuthorization
Expose Headers

Specify response headers that should be accessible to browser JavaScript.

Other Settings
24h 0m
Generated Code
Nginx
location / {
    add_header Access-Control-Allow-Origin "*" always;
    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
    add_header Access-Control-Max-Age 86400 always;

    # Handle preflight requests
    if ($request_method = OPTIONS) {
        return 204;
    }
}