defaults/main.yml

@@ -91,7 +91,7 @@ nginx_client_body_timeout: 240s
 
 nginx_cors_enabled: false
 nginx_cors_global: true
-nginx_cors_limit_origin: true
+nginx_cors_limit_origin: false
 nginx_cors_extended_rules: false
 nginx_cors_acl_origin: 'http?://(localhost)'
 nginx_access_control_allow_origin_src: "*"

templates/nginx-cors.conf.j2

@@ -61,8 +61,8 @@ if ($request_method = OPTIONS ) {
 {% if nginx_cors_limit_origin %}
 add_header 'Access-Control-Allow-Credentials' 'true';
 {% endif %}
-add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}';
-add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}';
-add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}';
+add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_allowed_methods }}' always;
+add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_allowed_headers }}' always;
+add_header 'Access-Control-Expose-Headers' '{{ nginx_cors_allowed_headers }}' always;
 {% endif %}