How do I add a response header to MODX Cloud web rules?

Trying to add this to my Cloud Web Rules:
add_header Access-Control-Allow-Origin “*”;

Added to the location block at the end of the rules, just before the try_files… friendly URLs lines. But the header does not get added. Is there another way to do this?
Note: have also tried with single and double quotes around the header name.

Normally you do it for specific assets as follows. We need to add this to our docs.

location ~* \.(eot|ttf|woff|woff2)$ {
   add_header Access-Control-Allow-Origin *;

You can change the asset extensions as needed. You do this before the main location block.

Thanks Jay. And if I want to allow access to page content too… How would that be done?


Sorry for the really long delay. I’m not sure what you’re asking here? Normally, pages or content itself doesn’t have issues with CORS unless you’re iframing or embedding across domains. Could you explain the use case? Are we talking about static files?

Hi Jay, the use case is to allow cross-origin requests between 2 sites. Would like to test first with the wildcard but the goal would be to allow a single domain (or list of allowed domains). Example:


I’ve not tested this but it may work doing the following but i am skeptical and I am not fully certain as to how to solve this in Cloud. I still feel we’re missing the full example use case here. I also don’t know if $host is the rigth server variable to use. I’m wondering if $http_referrer might be. Nginx configs are not my personal forté.

set $cors "";

if ($host = "") {
        set $cors "true";
if ($host = "") {
        set $cors "true";
location / {
    if ($cors = "true") {
        add_header 'Access-Control-Allow-Origin' "$host";

The caveat with this is that this may not work and in the nginx community, there is a longstanding consideration that if inside location blocks doesn’t work as one might expect.

For in depth discussion about a specific cloud configuration, it might make sense to hit up and we can come back with a generic response for here.

Thanks Jay - I try and test this.