I'm trying to make an ajax call to Site A from Site B. I've edited the nginx-site.conf file and removed the #ddev-generated comment so my changes aren't removed on ddev restart.
This was added in the nginx config:
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://craft-b.ddev.site';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Max-Age' 3600;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
absolute_redirect off;
try_files $uri $uri/ /index.php?$query_string;
}
The error I still receive:
"Access to fetch at 'https://craft-a.ddev.site/actions/login-share/test' from origin 'https://craft-b.ddev.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
Not sure if there's additional config I need to do that relates to DDEV. There was an old Github issue I was trying to follow from 2018, but I didn't really see anything relevant.