server
........
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods GET,POST,PUT,OPTIONS,DELETE,PATCH;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,userId,token,vcode,channelcode,Accept,adminToken,admintoken;
add_header Access-Control-Max-Age 1728000;
if ($request_method = OPTIONS ) { return 204; }
........