diff --git a/nginx/templates/nginx-cors.conf.j2 b/nginx/templates/nginx-cors.conf.j2
index 9ad887f7..75b93a65 100644
--- a/nginx/templates/nginx-cors.conf.j2
+++ b/nginx/templates/nginx-cors.conf.j2
@@ -1,7 +1,7 @@
 {% if nginx_cors_extended_rules %}
 if ($request_method = 'OPTIONS') {
 {% if nginx_cors_limit_origin %}
- add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
+ add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
 add_header 'Access-Control-Allow-Credentials' 'true';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -21,7 +21,7 @@ if ($request_method = 'OPTIONS') {
 }
 if ($request_method = 'POST') {
 {% if nginx_cors_limit_origin %}
- add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
+ add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
 add_header 'Access-Control-Allow-Credentials' 'true';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
@@ -32,7 +32,7 @@ if ($request_method = 'POST') {
 }
 if ($request_method = 'GET') {
 {% if nginx_cors_limit_origin %}
- add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
+ add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
 add_header 'Access-Control-Allow-Credentials' 'true';
 {% else %}
 add_header 'Access-Control-Allow-Origin' '*';
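Review bot: With `nginx_cors_limit_origin` enabled and `nginx_cors_acl_origin` unset, the new `default('$http_origin')` fallback in the OPTIONS branch (`@@ -1,7`) echoes whatever Origin the request carries, and the following line still sends `Access-Control-Allow-Credentials: true`, so the "limited" mode ends up trusting every origin for credentialed requests. The same fallback is added in the POST and GET branches (`@@ -21,7`, `@@ -32,7`) and in the non-extended branch (`@@ -43,26`). I would drop the fallback and let rendering fail when the ACL is missing, for example `"{{ nginx_cors_acl_origin | mandatory }}"` if this template is rendered by Ansible, or guard the branch with `{% if nginx_cors_limit_origin and nginx_cors_acl_origin is defined %}`. Wherever the request origin is still reflected, the response should also carry `add_header 'Vary' 'Origin';` so a shared cache does not hand one origin's CORS headers to another.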
@@ -43,26 +43,18 @@ if ($request_method = 'GET') { } {% else %} {% if nginx_cors_limit_origin %} -set $cors ''; -if ($http_origin ~* '{{ nginx_cors_acl_origin }}') { - set $cors 'true'; -} -if ($cors = 'true') { -{% endif %} -{% if nginx_cors_limit_origin %} - add_header 'Access-Control-Allow-Origin' "$http_origin"; +add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}'; +add_header 'Access-Control-Allow-Credentials' 'true'; {% else %} - add_header 'Access-Control-Allow-Origin' "$http_origin"; - # add_header 'Access-Control-Allow-Origin' "*"; +add_header 'Access-Control-Allow-Origin' '*'; {% endif %} - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With'; +add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; +add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With'; {% if nginx_cors_limit_origin %} } -{% endif %} if ($request_method = 'OPTIONS') { return 204; } {% endif %} +{% endif %}
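Review bot: The `}` kept as a context line under the last `{% if nginx_cors_limit_origin %}` used to close `if ($cors = 'true') {`, which this hunk deletes, so with the flag on the rendered config appears to carry an unmatched closing brace. Because the `{% endif %}` that followed it is removed as well, the `if ($request_method = 'OPTIONS') { return 204; }` block now seems to render only when the flag is on. Deleting the leftover `{% if nginx_cors_limit_origin %}` and `}` lines would fix both, and `nginx -t` on a render for each flag value would confirm it. Separately, dropping the `$http_origin ~* '{{ nginx_cors_acl_origin }}'` test changes what the variable means: it was a case-insensitive pattern deciding whether to reflect the origin and is now written verbatim into the header, so existing regex-style values would reach browsers as a literal string. A comment at the top of this branch such as `# nginx_cors_acl_origin must be one exact origin (scheme://host[:port]), not a regex` would make the new contract explicit.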