server {
    ...
    location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'POST, GET, OPTIONS, DELETE, PATCH, PUT';
        add_header Access-Control-Allow-Headers 'DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization,Token';

        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Max-Age 86400; #减少预检请求
            add_header Content-Type 'text/plain; charset=utf-8';
            add_header Content-Length 0;
            return 204;
        }
        ...
    }
}