diff --git a/docker/nginx/conf.d/include/cors b/docker/nginx/conf.d/include/cors index fd8e1220..61075e52 100644 --- a/docker/nginx/conf.d/include/cors +++ b/docker/nginx/conf.d/include/cors @@ -1,5 +1,6 @@ if ($request_method = 'OPTIONS') { - more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Origin: $http_origin'; + more_set_headers 'Access-Control-Allow-Credentials: true'; more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'; more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; more_set_headers 'Access-Control-Max-Age: 1728000'; @@ -8,7 +9,8 @@ if ($request_method = 'OPTIONS') { return 204; } -more_set_headers 'Access-Control-Allow-Origin: *'; +more_set_headers 'Access-Control-Allow-Origin: $http_origin'; +more_set_headers 'Access-Control-Allow-Credentials: true'; more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'; more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range,Skynet-File-Metadata,Skynet-Skylink,Skynet-Portal-Api';