From 634744cd71fa6b08f3837584bc1d24fc8c75138c Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 6 Jun 2024 12:17:25 +0200
Subject: [PATCH] hide the header Access-Control-Allow-Origin before adding it.
---
 templates/nginx-cors.conf.j2 | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2
index 1f3af86..703fd8d 100644
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@@ -1,6 +1,7 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -21,6 +22,7 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -32,8 +34,10 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 add_header 'Access-Control-Allow-Credentials' 'true';
@@ -43,8 +47,10 @@ if ($request_method = 'GET') {
 }
 {% else %}
 {% if nginx_cors_limit_origin %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 if ($request_method = OPTIONS ) {
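Review bot: The added `proxy_hide_header` sits inside `if ($request_method = 'OPTIONS') {`, and the nginx documentation lists that directive's context as http, server and location only, not "if in location", so the rendered file would be expected to fail `nginx -t` with a "directive is not allowed here" error. The same applies to the additions inside the POST and GET blocks in the second and third hunks; only the two additions in the last hunk, which sit outside any `if`, are in a permitted position. A single `proxy_hide_header Access-Control-Allow-Origin;` placed above the `if` blocks, at the level where this template is included, would cover every method. The OPTIONS block continues past the end of this hunk.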
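Review bot: The `{% else %}` branch of the POST block still emits `add_header 'Access-Control-Allow-Origin' '*';` without hiding the backend's header, while the GET block and the non-extended branch in the later hunks hide it in both branches. With `nginx_cors_limit_origin` false, a backend that sets its own Access-Control-Allow-Origin would still yield two values on POST responses, which browsers treat as a CORS failure. The OPTIONS block in the first hunk has the same gap, though whether that block ever proxies to a backend is not visible here. Wherever the directive ends up, `proxy_hide_header Access-Control-Allow-Origin;` should apply to both branches of every method.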
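Review bot: Hiding the backend's header makes the value written here the only Access-Control-Allow-Origin a browser sees, and when `nginx_cors_acl_origin` is unset that value is the request's own `$http_origin`, sent together with the `Access-Control-Allow-Credentials` `true` header on the context line at the end of this hunk. That pairing lets any origin read credentialed responses, and a stricter origin policy set by the backend is now silently dropped rather than causing a duplicate-header CORS failure. I would make the variable required in the limited branch, e.g. `'{{ nginx_cors_acl_origin | mandatory }}'`, or resolve the allowed origin through an nginx `map` on `$http_origin`, and add `add_header 'Vary' 'Origin';` wherever the value depends on the request. The same `default("$http_origin")` appears in the other three hunks, and the GET block continues past the end of this one.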
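Review bot: The two `proxy_hide_header` lines added at this level need a comment about inheritance, because nginx, as far as I know, inherits the hide list from an outer level only when the current level defines none. If the enclosing server or http block already hides backend headers, a location that includes this template would start passing them through again. Something like `# NOTE: replaces any proxy_hide_header list inherited from outer levels; repeat those entries here` above the added lines would make that visible. Where this file is included is not shown in the patch, so this should be confirmed against the role's vhost template.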