add access control allow origin in nginx discourse.conf

Question

So i have an application on forums.awake-gaming.com and have a page on awake-gaming.com which POST a form to forums.awake-gaming.com via ajax .

As Expected i get an

XMLHttpRequest cannot load http://forums.awake-gaming.com/posts. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://awake-gaming.com' is therefore not allowed access.

So, as i have access to the server, i added this in the discourse.conf file under nginx/conf.d directory.

add_header Access-Control-Allow-Origin  "http://awake-gaming.com/join-us.html";
add_header Access-Control-Allow-Methods: "GET, PUT, POST, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers: "Content-Type, Authorization, X-Requested-With";

I restarted nginx and tried to submit the form again, In Theory, this should work but i still get the same error in console :

And the ajax call didn't return success either. but weird enough, the data is posted to the forums.awake-gaming.com and it is posted(via discourse api).

So were i went wrong?, i tried to ask at meta.discourse.org but they said that it is some problem with nginx and not with discourse. Is adding the header in .conf file is enough ? or i need to do something with rails as well?

Answer 1

I think you need to specify just "http://awake-gaming.com", not "http://awake-gaming.com/join-us.html" for Access-Control-Allow-Origin value, as the error message says. Actually, if you're using Chrome, it will tell something like "The 'Access-Control-Allow-Origin' whitelists only 'http://awake-gaming.com/join-us.html'. Origin 'http://awake-gaming.com' is not in the list, and is therefore not allowed access."

On a side note, there are extra colons after Access-Control-Allow-Methods and Access-Control-Allow-Headers, you better remove them, but I don't think they're the culprit here.