add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always; if ($request_method !~ ^(GET|POST|PUT|OPTIONS)$) { return 405; }