location = /logout {
    # Proxy to the logout service
    proxy_pass         http://127.0.0.1:{{ ports.localhost.http['web-svc-logout'] }}/logout;
    proxy_set_header   Host              $host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;

    # CORS headers – allow your central page to call this
    add_header 'Access-Control-Allow-Origin'  '{{ domains | get_url('web-svc-logout', web_protocol) }}' always;
    add_header 'Access-Control-Allow-Credentials' 'true'                     always;
    add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'               always;
    add_header 'Access-Control-Allow-Headers' 'Accept, Authorization'     always;

    # Handle preflight
    if ($request_method = OPTIONS) {
      return 204;
    }
}