+ allowing * domains for acceptable connections by cors politic - allowing downloading files from uploads dir from scripting download

config/nginx/includes.d/octobercms.conf

@@ -1,4 +1,3 @@
-
 location / {
     rewrite ^/.*$ /index.php last;
 }
@@ -8,14 +7,24 @@
 }
 
 # Whitelist
+
 ## Let October handle if static file not exists
+
 location = /favicon.ico { try_files $uri /index.php; }
 location ~ ^/.*\.xml { try_files $uri /index.php; }
 location = /robots.txt { try_files $uri /index.php; }
 location = /humans.txt { try_files $uri /index.php; }
 
 ## Let nginx return 404 if static file not exists
-    location /storage/app/uploads/public { try_files $uri /404; }
+
+location /storage/app/uploads/public {
+    # add proxy cors headers
+    add_header Access-Control-Allow-Headers "*" always;
+    add_header Access-Control-Allow-Methods "*" always;
+    add_header Access-Control-Allow-Origin  "*" always;
+    try_files $uri /404;
+}
+
 location /storage/app/media { try_files $uri /404; }
 location /storage/app/yml { try_files $uri /404; }
 location /storage/app/docx { try_files $uri /404; }