diff --git a/nginx/nginx.gp4btc.conf b/nginx/nginx.gp4btc.conf
index 25806ff2..9efb96ce 100644
--- a/nginx/nginx.gp4btc.conf
+++ b/nginx/nginx.gp4btc.conf
@@ -58,14 +58,19 @@ server {
 auth_request /token_introspection;
 proxy_pass http://host.docker.internal:3000; # this is a gp4btc backend
- # WARNING!!!
- # gp4btc backend needs to have CORS headers disable completely,
- # otherwise they will duplicate and will not be accepted by browsers
-
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header Access-Control-Allow-Origin $allow_origin always;
+
+ proxy_hide_header Access-Control-Allow-Credentials;
 add_header Access-Control-Allow-Credentials 'true' always;
+
+ proxy_hide_header Access-Control-Max-Age;
 add_header Access-Control-Max-Age $cors_max_age always;
+
+ proxy_hide_header Access-Control-Allow-Methods;
 add_header Access-Control-Allow-Methods $cors_allow_methods always;
+
+ proxy_hide_header Access-Control-Allow-Headers;
 add_header Access-Control-Allow-Headers $cors_allow_headers always;
 set $initial_content_length $sent_http_content_length;
@@ -84,14 +89,19 @@ server {
 location /explorer {
 proxy_pass http://host.docker.internal:3000; # this is a gp4btc backend
- # WARNING!!!
- # gp4btc backend needs to have CORS headers disable completely,
- # otherwise they will duplicate and will not be accepted by browsers
-
+ proxy_hide_header Access-Control-Allow-Origin;
 add_header Access-Control-Allow-Origin $allow_origin always;
+
+ proxy_hide_header Access-Control-Allow-Credentials;
 add_header Access-Control-Allow-Credentials 'true' always;
+
+ proxy_hide_header Access-Control-Max-Age;
 add_header Access-Control-Max-Age $cors_max_age always;
+
+ proxy_hide_header Access-Control-Allow-Methods;
 add_header Access-Control-Allow-Methods $cors_allow_methods always;
+
+ proxy_hide_header Access-Control-Allow-Headers;
 add_header Access-Control-Allow-Headers $cors_allow_headers always;
 set $initial_content_length $sent_http_content_length;
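Review bot: The new `proxy_hide_header` lines strip only the five headers that nginx re-adds, so any other CORS header the gp4btc backend emits (for example `Access-Control-Expose-Headers`) still passes through now that the warning telling operators to disable backend CORS is gone; add `proxy_hide_header Access-Control-Expose-Headers;` in both locations, since the `/explorer` hunk carries the same block. `$allow_origin` is defined outside these hunks, and because `Access-Control-Allow-Credentials 'true'` is sent unconditionally it should resolve only to an allowlisted origin, never to an echoed `$http_origin`; if it varies per request, `add_header Vary Origin always;` keeps shared caches from serving one origin's response to another. I would replace the deleted warning with a short comment such as `# nginx owns CORS here: upstream Access-Control-* headers are hidden and re-added below`, so the intent of the hide/add pairs stays documented. Both location blocks continue outside the hunks, so anything set further down is not covered by this note.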