Fix CORS Errors on Nginx

Browsers block cross-origin calls when your API omits Access-Control-Allow-Origin or mishandles OPTIONS. Nginx can terminate CORS at the edge with add_header and a dedicated location for OPTIONS returning 204.

Avoid echoing arbitrary Origin in production unless you validate against an allowlist; misconfigured reflection becomes an open proxy pattern. Pair with correct Vary: Origin when responses differ by caller.

CORSFixer sends a live preflight to your URL and labels the failure mode. See CORS blocked.