From 126b43a9b74ece1b3e01987ea3fb9f4bef16d32c Mon Sep 17 00:00:00 2001
From: Nicolai Willems <niw@digiseg.io>
Date: Fri, 3 Feb 2023 13:40:03 +0100
Subject: [PATCH] feat: in cors send origin back when allow-credentials is true

---
 internal/ingress/controller/template/template.go | 8 ++++++--
 rootfs/etc/nginx/template/nginx.tmpl             | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go
index 59f5f9b57..f09df6416 100644
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@@ -1786,9 +1786,13 @@ func buildOriginRegex(origin string) string {
 	return fmt.Sprintf("(%s)", origin)
 }
 
-func buildCorsOriginRegex(corsOrigins []string) string {
+func buildCorsOriginRegex(corsAllowCredentials string, corsOrigins []string) string {
 	if len(corsOrigins) == 1 && corsOrigins[0] == "*" {
-		return "set $cors_origin *;\nset $cors 'true';"
+		corsOrigin := "*"
+		if corsAllowCredentials == "true" {
+			corsOrigin = "$http_origin"
+		}
+		return fmt.Sprintf("set $cors_origin %s;\nset $cors 'true';", corsOrigin)
 	}
 
 	var originsRegex string = "if ($http_origin ~* ("
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index ef3013aa0..241d706b8 100755
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -923,7 +923,7 @@ stream {
      {{ $cors := .CorsConfig }}
      # Cors Preflight methods needs additional options and different Return Code
      {{ if $cors.CorsAllowOrigin }}
-        {{ buildCorsOriginRegex $cors.CorsAllowOrigin }}
+        {{ buildCorsOriginRegex $cors.CorsAllowCredentials $cors.CorsAllowOrigin }}
      {{ end }}
      if ($request_method = 'OPTIONS') {
         set $cors ${cors}options;