proxy(cors): make ACAO opt-in; remove hardcoded default

Stop forcing Access-Control-Allow-Origin to $scheme://$host. This default broke Element (element.infinito.nexus) -> Synapse (matrix.infinito.nexus) CORS and blocked login. Now ACAO is only set when 'aca_origin' is provided; otherwise we defer to the upstream app (e.g., Synapse) to emit correct CORS headers. Also convert top comments to Jinja block comment.

Discussion & debugging details: https://chatgpt.com/share/68de2236-4aec-800f-adc5-d025922c8753
This commit is contained in:
2025-10-02 08:57:14 +02:00
parent 6824e444b0
commit b9fbf92461

View File

@@ -1,12 +1,10 @@
# Configure CORS headers dynamically based on role variables.
# If no variable is defined, defaults are applied (e.g. same-origin).
# Discussion: https://chat.openai.com/share/2671b961-c1b0-472d-bae2-2804d0455e8a
{# Configure CORS headers dynamically based on role variables.
If no variable is defined, defaults are applied (e.g. same-origin).
Discussion: https://chat.openai.com/share/2671b961-c1b0-472d-bae2-2804d0455e8a #}
{# Access-Control-Allow-Origin #}
{% if aca_origin is defined %}
add_header 'Access-Control-Allow-Origin' {{ aca_origin }};
{% else %}
add_header 'Access-Control-Allow-Origin' $scheme://$host always;
{% endif %}
{# Access-Control-Allow-Credentials #}