Assumptions:
- WordPress is installed at the root of
$host
- WordPress Webfinger is installed - available at Wordpress.org or Github
location ~ /.well-known/webfinger {
# add_header 'Access-Control-Allow-Origin' '*';
if ($arg_resource = "") {
return 400;
}
rewrite ^ $scheme://$host/?well-known=webfinger$1 last;
}
location ~ /.well-known/webfinger
- applies the rules inside the block when the url matches the location specified
~
instructs nginx to perform a case-sensitive regular expression match
add_header 'Access-Control-Allow-Origin' '*'
Access-Control-Allow-Origin
Indicates whether the response can be shared with requesting code from the given origin*
tells browsers to allow requesting code from any origin to access the resource- Note: I learned that this header is added automatically by the Webfinger Plugin, so it can be safely omitted
if ($arg_resource = "") { return 400; }
- Sends a 400 Bad Request error if the resource parameter is empty
rewrite ^ $scheme://$host/index.php?well-known=webfinger$1 last;
- The redirect itself, which points to the output generated by the Webfinger Wordpress Plugin
$1
last
tells nginx to stop parsing rewrite rules after this one is matched