Here is the code:

location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/test/public$fastcgi_script_name;

#CORS SETTINGS
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-
Control,Content-Type,Content-Range,Range,Authorization';
}


ERROR
invalid number of arguments in "add_header"

CAUSE
add_header 'Access-Control-Allow-Origin' '*' always;
when I do add the word "always"

This error typically occurs in web development when making cross-origin requests. This error is related to the same-origin policy implemented by web browsers for security reasons. The same-origin policy restricts web pages from making requests to a different domain unless the server explicitly allows it by including the 'Access-Control-Allow-Origin' header in the response. To resolve this issue, the server hosting the requested resource needs to include the appropriate 'Access-Control-Allow-Origin' header, specifying the domain or origins allowed to access the resource. This can be done by configuring the server's response headers or by using server-side middleware or frameworks that handle cross-origin requests.

JSON with Padding is just a way to circumvent same-origin policy, when CORS is not an option. This is risky and a bad practice. Avoid using this.

If you want to bypass that restriction when fetching the contents with fetch API or XMLHttpRequest in javascript, you can use a proxy server so that it sets the header Access-Control-Allow-Origin to *.

If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

Access-Control-Allow-Origin: http://localhost:9999

https://net-informations.com/q/js/cors-policy.html