ngin_vhost: support for CORS credentials header

matthewandrews · matthewandrews · commit eb719905c4a5 · 2022-03-30T18:07:23.000+11:00
diff --git a/ansible/roles/nginx_vhost/defaults/main.yml b/ansible/roles/nginx_vhost/defaults/main.yml
@@ -113,3 +113,5 @@ nginx_disable_download_disk_buffering: False
 # nginx_cors_origin_regexp: '^https?:\/\/(localhost|l-a\.site|.*\.l-a\.site)'
 nginx_cors_headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
 nginx_cors_methods: "GET, POST, OPTIONS"
+# by default, Access-Control-Allow-Credentials header is not included; to include it, set this to True
+nginx_cors_allow_credentials: False
diff --git a/ansible/roles/nginx_vhost/templates/ala_cors.j2 b/ansible/roles/nginx_vhost/templates/ala_cors.j2
@@ -41,17 +41,26 @@ if ($cors = COPTIONS) {
   add_header 'Access-Control-Max-Age' 1728000;
   add_header 'Content-Type' 'text/plain; charset=utf-8';
   add_header 'Content-Length' 0;
+  {% if nginx_cors_allow_credentials == True %}
+  add_header 'Access-Control-Allow-Credentials' 'true';
+  {% endif %}
   return 204;
 }
 if ($cors = CPOST) {
   add_header 'Access-Control-Allow-Origin' '*';
   add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_methods }}';
   add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_headers }}';
   add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+  {% if nginx_cors_allow_credentials == True %}
+  add_header 'Access-Control-Allow-Credentials' 'true';
+  {% endif %}
 }
 if ($cors = CGET) {
   add_header 'Access-Control-Allow-Origin' '*' always;
   add_header 'Access-Control-Allow-Methods' '{{ nginx_cors_methods }}';
   add_header 'Access-Control-Allow-Headers' '{{ nginx_cors_headers }}';
   add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+  {% if nginx_cors_allow_credentials == True %}
+  add_header 'Access-Control-Allow-Credentials' 'true';
+  {% endif %}
 }
