Fix CORS handling by adding 'always' to Access-Control-Allow-Origin

Ensures the header is included for all HTTP status codes, preventing CORS failures during logout requests. Details: https://chatgpt.com/share/69328659-8d80-800f-9dbc-2bcf15923a1f
2025-12-07 18:05:09 +00:00 · 2025-12-05 08:14:51 +01:00
parent 9fb372be52
commit ecfdac6764
1 changed files with 1 additions and 1 deletions
--- a/roles/web-svc-logout/templates/logout-proxy.conf.j2
+++ b/roles/web-svc-logout/templates/logout-proxy.conf.j2
@@ -8,7 +8,7 @@ location = /logout {
    proxy_http_version 1.1;

    {# CORS headers – allow your central page to call this #}
-    {%- set aca_origin = domains | get_url('web-svc-logout', WEB_PROTOCOL) -%}
+    {%- set aca_origin = domains | get_url('web-svc-logout', WEB_PROTOCOL) ~ " always" -%}
    {%- set aca_credentials = "'true' always" -%}
    {%- set aca_methods = "'GET, OPTIONS' always" -%}
    {%- set aca_headers = "'Accept, Authorization' always" -%}