change position of acessing $request method

nginx/conf.d/default.conf.template

@@ -9,19 +9,21 @@ server {
     root /usr/share/nginx/html;
     index index.html;
 
-    # --------- Preflight direkt per IF ---------
+
-    if ($request_method = 'OPTIONS') {
-        add_header Access-Control-Allow-Origin "*";
-        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
-        add_header Access-Control-Allow-Headers "Content-Type,X-API-Key,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type";
-        add_header Access-Control-Max-Age 1728000;
-        add_header Content-Length 0;
-        return 204;
-    }
 
     # ---------- Geschützte Audio-Ressourcen ----------
     location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {
 
+            # --------- Preflight direkt per IF ---------
+        if ($request_method = "OPTIONS") {
+            add_header Access-Control-Allow-Origin "*";
+            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
+            add_header Access-Control-Allow-Headers "Content-Type,X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
+            add_header Access-Control-Max-Age 1728000;
+            add_header Content-Length 0;
+            return 204;
+        }
+
         # --- Key-Check (nur GET/HEAD) ---
         if ($request_method != "OPTIONS") {
             if ($http_x_api_key != "${MEDIA_API_KEY}") {
@@ -32,7 +34,7 @@ server {
         # --- CORS & Cache ---
         add_header Access-Control-Allow-Origin "*";
         add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
-        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type";
+        add_header Access-Control-Allow-Headers "Content-Type, X-API-Key,Keep-Alive,User-Agent,Cache-Control,Content-Type";
         add_header Cache-Control "public, max-age=2592000" always;
 
         # fehlende MIME-Types