From 6f005d13a5562b1ac95d1f65956222081b043907 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 6 Jun 2024 12:22:36 +0200
Subject: [PATCH] Globally hide the header Access-Control-Allow-Origin before adding it.
---
 templates/nginx-cors.conf.j2 | 5 -----
 templates/nginx-virthost.j2 | 2 ++
 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2
index 703fd8d..88719c3 100644
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@@ -1,7 +1,6 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
- proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -22,7 +21,6 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
- proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -34,7 +32,6 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
- proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
 proxy_hide_header Access-Control-Allow-Origin;
@@ -47,10 +44,8 @@ if ($request_method = 'GET') {
 }
 {% else %}
 {% if nginx_cors_limit_origin %}
-proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-proxy_hide_header Access-Control-Allow-Origin;
 add_header 'Access-Control-Allow-Origin' '*';
 {% endif %}
 if ($request_method = OPTIONS ) {
diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2
index 2a7f9a0..68ebbf1 100644
--- a/templates/nginx-virthost.j2 +++ b/templates/nginx-virthost.j2 @@ -123,6 +123,7 @@ server { {% endif %} {% if nginx_cors_enabled %} + proxy_hide_header Access-Control-Allow-Origin; {% if nginx_cors_global %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %} @@ -306,6 +307,7 @@ server { server_tokens {{ item.server_tokens | default('off') }}; {% if nginx_cors_enabled %} + proxy_hide_header Access-Control-Allow-Origin; {% if nginx_cors_global %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %}
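Review bot: The server-level `proxy_hide_header Access-Control-Allow-Origin;` added at `@@ -123` (and the identical line at `@@ -306`) is, as far as I know, inherited by a location only when that location declares no `proxy_hide_header` of its own. A location that hides some other header would then pass the upstream's Access-Control-Allow-Origin through again alongside the `add_header` value, and browsers reject a response carrying two of them. Whether such locations exist is not visible here, since the server block starts and ends outside the hunk; a rendered comment above the directive would record the constraint, e.g. `# locations that set their own proxy_hide_header must repeat this line`. Separately, nginx-cors.conf.j2 still keeps one `proxy_hide_header Access-Control-Allow-Origin;` inside `if ($request_method = 'GET')` in the `{% else %}` branch (context of its third hunk). nginx documents the directive for the http, server and location contexts only, so that leftover line looks like it should be deleted with the others.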
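Review bot: With the line added at `@@ -306` (same at `@@ -123`) the upstream's own Access-Control-Allow-Origin is dropped for the whole server whenever `nginx_cors_enabled` is set, even when `nginx_cors_global` is false and the snippet is not included at this level. The only origin policy left is then whatever nginx-cors.conf emits, and its limited-origin branch renders `'{{ nginx_cors_acl_origin | default("$http_origin") }}'`, which echoes the request's Origin back when `nginx_cors_acl_origin` is unset. A backend that enforced its own origin allowlist would therefore end up with a broader policy than it had before this change. Consider requiring the variable when `nginx_cors_limit_origin` is true, for instance `'{{ nginx_cors_acl_origin | mandatory }}'`, or at least documenting next to this directive that the role's value replaces the backend's header.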