From c47961f9dc677dfbdfd981ab4355fda20c667a18 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 16 Dec 2024 15:42:02 +0100 Subject: [PATCH] Disable Access-Control-Allow-Credentials when nginx_cors_limit_origin. --- templates/nginx-cors.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2 index cd96e1c..aac2ca8 100644 --- a/templates/nginx-cors.conf.j2 +++ b/templates/nginx-cors.conf.j2 @@ -58,7 +58,9 @@ add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_s if ($request_method = OPTIONS ) { return 204; } +{% if nginx_cors_limit_origin %} add_header 'Access-Control-Allow-Credentials' 'true'; +{% endif %} add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}'; add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}'; add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}';