diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2 index 4ae8318..64d7e4b 100644 --- a/templates/nginx-cors.conf.j2 +++ b/templates/nginx-cors.conf.j2 @@ -1,10 +1,10 @@ {% if nginx_cors_extended_rules %} if ($request_method = 'OPTIONS') { {% if nginx_cors_limit_origin %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true'; @@ -23,10 +23,10 @@ if ($request_method = 'OPTIONS') { } if ($request_method = 'POST') { {% if nginx_cors_limit_origin %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true'; @@ -36,10 +36,10 @@ if ($request_method = 'POST') { } if ($request_method = 'GET') { {% if nginx_cors_limit_origin %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; {% else %} - proxy_hide_header Access-Control-Allow-Origin; +# proxy_hide_header Access-Control-Allow-Origin; add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}'; {% endif %} add_header 'Access-Control-Allow-Credentials' 'true';