kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-09 18:28:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

proxy(cors): make ACAO opt-in; remove hardcoded default

Browse Source 
Stop forcing Access-Control-Allow-Origin to $scheme://$host. This default broke Element (element.infinito.nexus) -> Synapse (matrix.infinito.nexus) CORS and blocked login. Now ACAO is only set when 'aca_origin' is provided; otherwise we defer to the upstream app (e.g., Synapse) to emit correct CORS headers. Also convert top comments to Jinja block comment.

Discussion & debugging details: https://chatgpt.com/share/68de2236-4aec-800f-adc5-d025922c8753
This commit is contained in:
Kevin Veen-Birkenbach
2025-10-02 08:57:14 +02:00
parent 6824e444b0
commit b9fbf92461
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2
View File

@@ -1,12 +1,10 @@
# Configure CORS headers dynamically based on role variables.
# If no variable is defined, defaults are applied (e.g. same-origin).
# Discussion: https://chat.openai.com/share/2671b961-c1b0-472d-bae2-2804d0455e8a
{# Configure CORS headers dynamically based on role variables.
If no variable is defined, defaults are applied (e.g. same-origin).
Discussion: https://chat.openai.com/share/2671b961-c1b0-472d-bae2-2804d0455e8a #}
{# Access-Control-Allow-Origin #}
{% if aca_origin is defined %}
add_header 'Access-Control-Allow-Origin' {{ aca_origin }};
{% else %}
add_header 'Access-Control-Allow-Origin' $scheme://$host always;
{% endif %}
{# Access-Control-Allow-Credentials #}