Globally hide the header Access-Control-Allow-Origin before adding it.

Andrea Dell'Amico 2024-06-06 12:22:36 +02:00
parent 634744cd71
commit 6f005d13a5
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 2 additions and 5 deletions


@ -1,7 +1,6 @@
{% if nginx_cors_extended_rules %} {% if nginx_cors_extended_rules %}
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
proxy_hide_header Access-Control-Allow-Origin;
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
{% else %} {% else %}
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
@ -22,7 +21,6 @@ if ($request_method = 'OPTIONS') {
} }
if ($request_method = 'POST') { if ($request_method = 'POST') {
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
proxy_hide_header Access-Control-Allow-Origin;
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
{% else %} {% else %}
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
@ -34,7 +32,6 @@ if ($request_method = 'POST') {
} }
if ($request_method = 'GET') { if ($request_method = 'GET') {
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
proxy_hide_header Access-Control-Allow-Origin;
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
{% else %} {% else %}
proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Origin;
@ -47,10 +44,8 @@ if ($request_method = 'GET') {
} }
{% else %} {% else %}
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
proxy_hide_header Access-Control-Allow-Origin;
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
{% else %} {% else %}
proxy_hide_header Access-Control-Allow-Origin;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
{% endif %} {% endif %}
if ($request_method = OPTIONS ) { if ($request_method = OPTIONS ) {
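Review bot: One `proxy_hide_header Access-Control-Allow-Origin;` is left behind in the non-limited branch of the `if ($request_method = 'GET')` block, while every other copy in this snippet is removed. nginx accepts `proxy_hide_header` only in http, server and location context, not inside `if`, so that leftover line should go too now that the header is hidden at server level. Separately, on the `nginx_cors_limit_origin` path the value falls back to `default("$http_origin")`, which echoes whatever Origin the client sent and so restricts nothing unless `nginx_cors_acl_origin` is set; a comment such as `# nginx_cors_acl_origin must be set, otherwise any Origin is reflected` above those lines would make that visible. The `if` blocks continue outside the hunks, so whether credentials are also allowed cannot be seen here.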


@ -123,6 +123,7 @@ server {
{% endif %} {% endif %}
{% if nginx_cors_enabled %} {% if nginx_cors_enabled %}
proxy_hide_header Access-Control-Allow-Origin;
{% if nginx_cors_global %} {% if nginx_cors_global %}
include /etc/nginx/snippets/nginx-cors.conf; include /etc/nginx/snippets/nginx-cors.conf;
{% endif %} {% endif %}
@ -306,6 +307,7 @@ server {
server_tokens {{ item.server_tokens | default('off') }}; server_tokens {{ item.server_tokens | default('off') }};
{% if nginx_cors_enabled %} {% if nginx_cors_enabled %}
proxy_hide_header Access-Control-Allow-Origin;
{% if nginx_cors_global %} {% if nginx_cors_global %}
include /etc/nginx/snippets/nginx-cors.conf; include /etc/nginx/snippets/nginx-cors.conf;
{% endif %} {% endif %}
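Review bot: The server-level `proxy_hide_header Access-Control-Allow-Origin;` added in both `server` blocks (the hunks at -123 and -306) is inherited by a location only when that location declares no `proxy_hide_header` of its own. If any location in this template, or in a file it includes, sets another `proxy_hide_header`, the upstream's Access-Control-Allow-Origin passes through there and the response carries two values once the CORS snippet adds its own. I would record that next to the directive, e.g. `# must be repeated in any location that sets its own proxy_hide_header`. The directive is also emitted under `nginx_cors_enabled` even when `nginx_cors_global` is false, so an upstream that manages CORS itself loses its header unless the snippet is included somewhere else; the rest of both server blocks is outside the hunks, so this could not be checked here.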