chore: removing CORS headers set by backend

energywebfoundation · May 12, 2023 · f9f8e98 · f9f8e98
1 parent 02df93d
commit f9f8e98
Showing 1 changed file with 18 additions and 8 deletions.
diff --git a/nginx/nginx.gp4btc.conf b/nginx/nginx.gp4btc.conf
@@ -58,14 +58,19 @@ server {
         auth_request /token_introspection;
         proxy_pass http://host.docker.internal:3000;  # this is a gp4btc backend
 
-        # WARNING!!!
-        # gp4btc backend needs to have CORS headers disable completely,
-        # otherwise they will duplicate and will not be accepted by browsers
-
+        proxy_hide_header Access-Control-Allow-Origin;
         add_header Access-Control-Allow-Origin $allow_origin  always;
+
+        proxy_hide_header Access-Control-Allow-Credentials;
         add_header Access-Control-Allow-Credentials 'true'  always;
+
+        proxy_hide_header Access-Control-Max-Age;
         add_header Access-Control-Max-Age $cors_max_age  always;
+
+        proxy_hide_header Access-Control-Allow-Methods;
         add_header Access-Control-Allow-Methods $cors_allow_methods  always;
+
+        proxy_hide_header Access-Control-Allow-Headers;
         add_header Access-Control-Allow-Headers $cors_allow_headers  always;
 
         set $initial_content_length $sent_http_content_length;
@@ -84,14 +89,19 @@ server {
     location /explorer {
         proxy_pass http://host.docker.internal:3000; # this is a gp4btc backend
 
-        # WARNING!!!
-        # gp4btc backend needs to have CORS headers disable completely,
-        # otherwise they will duplicate and will not be accepted by browsers
-
+        proxy_hide_header Access-Control-Allow-Origin;
         add_header Access-Control-Allow-Origin $allow_origin  always;
+
+        proxy_hide_header Access-Control-Allow-Credentials;
         add_header Access-Control-Allow-Credentials 'true'  always;
+
+        proxy_hide_header Access-Control-Max-Age;
         add_header Access-Control-Max-Age $cors_max_age  always;
+
+        proxy_hide_header Access-Control-Allow-Methods;
         add_header Access-Control-Allow-Methods $cors_allow_methods  always;
+
+        proxy_hide_header Access-Control-Allow-Headers;
         add_header Access-Control-Allow-Headers $cors_allow_headers  always;
 
         set $initial_content_length $sent_http_content_length;