feat: in cors send origin back when allow-credentials is true

2023-02-03 13:40:03 +01:00 · 2023-02-03 13:40:03 +01:00 · 126b43a9b7
commit 126b43a9b7
parent 4f1ca7a3ce
2 changed files with 7 additions and 3 deletions
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@ -1786,9 +1786,13 @@ func buildOriginRegex(origin string) string {
 	return fmt.Sprintf("(%s)", origin)
 }

-func buildCorsOriginRegex(corsOrigins []string) string {
+func buildCorsOriginRegex(corsAllowCredentials string, corsOrigins []string) string {
 	if len(corsOrigins) == 1 && corsOrigins[0] == "*" {
-		return "set $cors_origin *;\nset $cors 'true';"
+		corsOrigin := "*"
+		if corsAllowCredentials == "true" {
+			corsOrigin = "$http_origin"
+		}
+		return fmt.Sprintf("set $cors_origin %s;\nset $cors 'true';", corsOrigin)
 	}

 	var originsRegex string = "if ($http_origin ~* ("
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -923,7 +923,7 @@ stream {
     {{ $cors := .CorsConfig }}
     # Cors Preflight methods needs additional options and different Return Code
     {{ if $cors.CorsAllowOrigin }}
-        {{ buildCorsOriginRegex $cors.CorsAllowOrigin }}
+        {{ buildCorsOriginRegex $cors.CorsAllowCredentials $cors.CorsAllowOrigin }}
     {{ end }}
     if ($request_method = 'OPTIONS') {
        set $cors ${cors}options;