NGINX Response Header missing Access-Control-Allow-Origin header when uWSGI - Djago application timesout

Our project is using the typical setup with a NGINX application gateway, uWSGI application container and a Django application. Django is configured using cors middleware and successfully handles requests from cross domains. However, one of our endpoints tars large files for download, which can take a significant amount of time. If it takes too long uWSGI times out and NGINX returns a response that lacks Access-Control-Allow-Origin header. We have increased uwsgi_connect_timeout and uwsgi_read_timeout values in the NGINX config to address most cases.

Since, Django is handling cors and thus the Access-Control-Allow-Origin header, NGINX doesn't have those values to return to the client. Does anyone know what uWSGI or NGINX settings I need to get the correct headers?

A simplified version of our nginx config:

    upstream results_uwsgi {
        server unix:///opt/app_manager/app_manager.sock;

    server {
        listen 80;
        server_name \$hostname;
        return 301 https://\$host\$request_uri/;

    server {

        listen 443 http2 ssl;
        listen [::]:443 http2 ssl;

        server_name \$hostname;
        charset     utf-8;
        stub_status on;

        # adjust to taste
        client_max_body_size 75M;
        large_client_header_buffers 4 128k;

        location / {
            uwsgi_pass  results_uwsgi;
            include     uwsgi_params;

        location /api {
            uwsgi_connect_timeout 10000s;
            uwsgi_read_timeout 10000s;
            sendfile on;
            uwsgi_pass  results_uwsgi;
            include     uwsgi_params;

Our uWSGI configuration:


app_root = /opt/app_manager

# emperor = /etc/uwsgi/vassals
chdir           = %(app_root)
module          = api.wsgi

# process-related settings
# master
master          = true

# maximum number of worker processes
processes       = 10

# the socket (use the full path to be safe)
socket          = /opt/app_manager/app_manager.sock
chmod-socket    = 666

buffer-size     = 131072

auto_procname   = true

# clear environment on exit
vacuum          = true
# logging
logdate = True
logto = /var/log/app_manager.log
log-maxsize = 10000000

Thanks in advance.


Tried adding add_header 'Access-Control-Allow-Origin' $http_origin always;

to the location /api {} section. Which causes a server error.

Back to Top