add_header "Access-Control-Allow-Methods" "GET,POST,OPTIONS,PUT,DELETE";
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Origin" "$http_origin";
add_header "Access-Control-Allow-Headers" "prelogid,Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With,traceid,rpcid";
more_set_headers 'Access-Control-Allow-Origin:*' 'Access-Control-Allow-Credentials:true' 'Access-Control-Allow-Methods:HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS, TRACE' 'Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Token, Code' 'Access-Control-Expose-Headers:Content-Disposition';