reconfigured nginx-cors.conf like docker-compose one: set the "origin…

…" based on the passed Origin header Signed-off-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
eclipse-ditto · Sep 29, 2020 · a1c064c · a1c064c
1 parent 48b4f0e
commit a1c064c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/deployment/kubernetes/nginx/nginx-cors.conf b/deployment/kubernetes/nginx/nginx-cors.conf
@@ -17,7 +17,7 @@ if ($request_method = 'OPTIONS') {
 }
 
 if ($cors = '1') {
-  add_header 'Access-Control-Allow-Origin' '*' always;
+  add_header 'Access-Control-Allow-Origin' '$http_origin' always;
   add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
   add_header 'Access-Control-Allow-Credentials' 'true' always;
   add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
@@ -27,7 +27,7 @@ if ($cors = '1') {
 if ($cors = '1o') {
   # Tell client that this pre-flight info is valid for 20 days
   add_header 'Access-Control-Max-Age' 1728000;
-  add_header 'Access-Control-Allow-Origin' '*' always;
+  add_header 'Access-Control-Allow-Origin' '$http_origin' always;
   add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
   add_header 'Access-Control-Allow-Credentials' 'true' always;
   add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always;