123if ($http_origin ~* (.trustedhost.com)) { add_header Access-Control-Allow-Origin "$http_origin"; }