Nginx node.js proxy with open cors

apis.conf

#
# The default apis server
# This file is in dirextory conf.d

server {
    listen       82 default_server;
    server_name  _;
    access_log  /var/log/nginx/apis.log  main;

    # Load configuration files for the default server block.
    include /etc/nginx/apis.d/*.conf;

    location / {
        # nothing is served by default
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}

cors.conf

# Wide-open CORS config for nginx
# Put in /etc/nginx directory
#
# Add WITHIN a location block: include cors.conf;
# Test from some other machine: curl -Xv OPTIONS http://apis.domain/feedback  -- if you added a feedback api
# From: http://enable-cors.org/server_nginx.html
# and   https://gist.github.com/pauloricardomg/7084524  ## includes SSL setup for the server and selective CORS access

#### Requires nginx version of 1.7.5 or later. See http://stackoverflow.com/a/16308982/64904
# See https://webtatic.com/packages/nginx18/

     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modifi
ed-Since,Cache-Control,Content-Type';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modifi
ed-Since,Cache-Control,Content-Type' always;
    }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modifi
ed-Since,Cache-Control,Content-Type' always;
    }

feedback.conf

# feedback.conf for the feedbackApi
# put in apis.d directory

# Serve static file directly

location ~ ^/feedback/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.
txt|favicon.ico) {
	
	include cors.conf;

	root /srv/www/yourapp/public/;
	expires 1h; # since this is a test server, we have a short expiration time
}


location /feedback {
	include cors.conf;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:3100;
        proxy_redirect off;
#        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_redirect off;
        proxy_set_header   X-Forwarded-Proto $scheme;
#        proxy_cache one;
#        proxy_cache_key sfs$request_uri$scheme;
}