library/roles/nginx/templates/nginx-cors.conf.j2: Simplyfy the CORS configuration.

This commit is contained in:
Andrea Dell'Amico 2017-08-16 15:16:03 +02:00
parent b86f5641c9
commit 19518b92b0
1 changed files with 9 additions and 17 deletions

View File

@ -1,7 +1,7 @@
{% if nginx_cors_extended_rules %}
if ($request_method = 'OPTIONS') {
{% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
add_header 'Access-Control-Allow-Credentials' 'true';
{% else %}
add_header 'Access-Control-Allow-Origin' '*';
@ -21,7 +21,7 @@ if ($request_method = 'OPTIONS') {
}
if ($request_method = 'POST') {
{% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
add_header 'Access-Control-Allow-Credentials' 'true';
{% else %}
add_header 'Access-Control-Allow-Origin' '*';
@ -32,7 +32,7 @@ if ($request_method = 'POST') {
}
if ($request_method = 'GET') {
{% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin | default('$http_origin') }}";
add_header 'Access-Control-Allow-Credentials' 'true';
{% else %}
add_header 'Access-Control-Allow-Origin' '*';
@ -43,26 +43,18 @@ if ($request_method = 'GET') {
}
{% else %}
{% if nginx_cors_limit_origin %}
set $cors '';
if ($http_origin ~* '{{ nginx_cors_acl_origin }}') {
set $cors 'true';
}
if ($cors = 'true') {
{% endif %}
{% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "$http_origin";
{% else %}
add_header 'Access-Control-Allow-Origin' "$http_origin";
# add_header 'Access-Control-Allow-Origin' "*";
{% endif %}
add_header 'Access-Control-Allow-Origin' '{{ nginx_cors_acl_origin | default("$http_origin") }}';
add_header 'Access-Control-Allow-Credentials' 'true';
{% else %}
add_header 'Access-Control-Allow-Origin' '*';
{% endif %}
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
{% if nginx_cors_limit_origin %}
}
{% endif %}
if ($request_method = 'OPTIONS') {
return 204;
}
{% endif %}
{% endif %}