hide the header Access-Control-Allow-Origin before adding it.

2024-06-06 12:17:25 +02:00 · 2024-06-06 12:17:25 +02:00 · 634744cd71
parent fea452d7b1
commit 634744cd71
1 changed files with 6 additions and 0 deletions
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@ -1,6 +1,7 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
    add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
    add_header 'Access-Control-Allow-Origin' '*';
@ -21,6 +22,7 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
    add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
    add_header 'Access-Control-Allow-Origin' '*';
@ -32,8 +34,10 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
+    proxy_hide_header Access-Control-Allow-Origin;
    add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+    proxy_hide_header Access-Control-Allow-Origin;
    add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
    add_header 'Access-Control-Allow-Credentials' 'true';
@ -43,8 +47,10 @@ if ($request_method = 'GET') {
 }
 {% else %}
 {% if nginx_cors_limit_origin %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
+proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 if ($request_method = OPTIONS ) {