• 1 year

    1 year

    YetiShare / Core


CORS Error When Using xAccelRedirect On "Direct" File Servers


When using "direct" file server storage with xAccelRedirect enabled, you see an error in the browser console similar to the following:

Access to audio at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


On certain versions of Nginx, the custom headers set by the script are removed. You can fix this by adding them to the Nginx config file, the same place as your rewrite rules for the Yetishare script. On your file server(s) in:


Replace the /files/ section with:

location /files/ {
    # support cross domain requests (CORS), needed when xAccelRedirect is enabled on file servers
    add_header Access-Control-Allow-Origin;
    add_header Access-Control-Allow-Headers "Content-Type, Content-Range, Content-Disposition, Content-Description";
    add_header Access-Control-Allow-Credentials true;

Ensure you replace with your domain name and restart Nginx.