From f2d22e9d53a3d064bbfb0406e7fb67bdc00de0a9 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Tue, 11 Jun 2024 14:49:32 +0200
Subject: [PATCH] Introduce nginx_access_control_allow_origin_src.

---
 defaults/main.yml            | 1 +
 templates/nginx-cors.conf.j2 | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 95e6f31..bc6e9f4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -93,6 +93,7 @@ nginx_cors_global: true
 nginx_cors_limit_origin: true
 nginx_cors_extended_rules: false
 nginx_cors_acl_origin: 'http?://(localhost)'
+nginx_access_control_allow_origin_src: "*"
 # Possible methods:
 # CONNECT, DEBUG, DELETE, DONE, GET, HEAD, HTTP, HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2, OPTIONS, ORIGIN, ORIGINS, PATCH, POST, PUT, QUIC, REST, SESSION, SHOULD, SPDY, TRACE, TRACK
 nginx_cors_allowed_methods: 'GET, POST, OPTIONS'
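Review bot: The new `nginx_access_control_allow_origin_src` default carries no comment saying when it applies or which values are safe. Going by the template hunks in this patch, it is rendered only when `nginx_cors_limit_origin` is false, and that flag defaults to true two lines above, so the variable has no effect until the flag is flipped. I would add above it `# Access-Control-Allow-Origin value used when nginx_cors_limit_origin is false.` and `# Browsers reject '*' on credentialed requests; '$http_origin' echoes any caller's origin.` Writing the value as `'*'` would also match the single-quote style of the neighbouring defaults.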
diff --git a/templates/nginx-cors.conf.j2 b/templates/nginx-cors.conf.j2
index 1f3af86..5d6192e 100644
--- a/templates/nginx-cors.conf.j2
+++ b/templates/nginx-cors.conf.j2
@@ -3,7 +3,7 @@ if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}';
 {% endif %}
     add_header 'Access-Control-Allow-Credentials' 'true';
     add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}';
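Review bot: The replacement `add_header` line can now emit a value other than `*`, yet the context line right after it still sends `Access-Control-Allow-Credentials: true` unconditionally; the same pairing recurs in the POST, GET and server-level hunks below. With the `*` default, browsers refuse credentialed responses. If the variable is set to `$http_origin` (which the `_src` suffix seems to invite), every requesting origin is echoed back with credentials allowed, so the origin restriction is effectively gone. Consider checking the origin against an allow-list (for example an nginx `map` on `$http_origin`) and emitting `add_header 'Vary' 'Origin';` whenever the rendered value is not `*`; whether the rest of the template already sets `Vary` is not visible here. The `| default("*")` filter is redundant now that `defaults/main.yml` defines the variable, and the enclosing `if ($request_method = 'OPTIONS')` block starts and ends outside the hunk.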
@@ -23,7 +23,7 @@ if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}';
 {% endif %}
     add_header 'Access-Control-Allow-Credentials' 'true';
     add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}';
@@ -34,7 +34,7 @@ if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
     add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}';
 {% endif %}
     add_header 'Access-Control-Allow-Credentials' 'true';
     add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}';
@@ -45,7 +45,7 @@ if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
 add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
 {% else %}
-add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Origin' '{{ nginx_access_control_allow_origin_src | default("*") }}';
 {% endif %}
 if ($request_method = OPTIONS ) {
     return 204;