Globally hide the header Access-Control-Allow-Origin before adding it.
This commit is contained in:
parent
634744cd71
commit
6f005d13a5
|
@ -1,7 +1,6 @@
|
|||
{% if nginx_cors_extended_rules %}
|
||||
if ($request_method = 'OPTIONS') {
|
||||
{% if nginx_cors_limit_origin %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
|
||||
{% else %}
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
|
@ -22,7 +21,6 @@ if ($request_method = 'OPTIONS') {
|
|||
}
|
||||
if ($request_method = 'POST') {
|
||||
{% if nginx_cors_limit_origin %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
|
||||
{% else %}
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
|
@ -34,7 +32,6 @@ if ($request_method = 'POST') {
|
|||
}
|
||||
if ($request_method = 'GET') {
|
||||
{% if nginx_cors_limit_origin %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
|
||||
{% else %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
|
@ -47,10 +44,8 @@ if ($request_method = 'GET') {
|
|||
}
|
||||
{% else %}
|
||||
{% if nginx_cors_limit_origin %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
|
||||
{% else %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
{% endif %}
|
||||
if ($request_method = OPTIONS ) {
|
||||
|
|
|
@ -123,6 +123,7 @@ server {
|
|||
{% endif %}
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
{% if nginx_cors_global %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
|
@ -306,6 +307,7 @@ server {
|
|||
server_tokens {{ item.server_tokens | default('off') }};
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
proxy_hide_header Access-Control-Allow-Origin;
|
||||
{% if nginx_cors_global %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in New Issue