Commit c6119962 by Alain Takoudjou

gitlab: set allow Credentials to in nginx configuration

Allow origin is now to the http_origin because origin "*" will fail if
withCredentials is set in the request header
1 parent 494e8d3f
......@@ -101,7 +101,7 @@ configuration.nginx_gzip_comp_level = 2
configuration.nginx_gzip_proxied = any
configuration.nginx_gzip_types = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
configuration.nginx_keepalive_timeout = 65
configuration.nginx_header_allow_origin = *
configuration.nginx_header_allow_origin = $http_origin
# configuring trusted proxies
# GitLab is behind a reverse proxy, so we don't want the IP address of the proxy
......
......@@ -293,7 +293,7 @@ md5sum = 7782f5c5d75663c2586e28d029c51e49
[gitlab-parameters.cfg]
<= download-file
md5sum = dec5d989e2d969369bd1eaffcbfb78d6
md5sum = 8f4537cb8a0c9a8e0058c30cb687681c
[gitlab-shell-config.yml.in]
<= download-template
......@@ -325,7 +325,7 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4
[nginx-gitlab-http.conf.in]
<= download-template
md5sum = 697140d980c75ddc1dd0a656b1c88447
md5sum = abcc5eda03e10b26c74619f299a7f6a8
[nginx.conf.in]
<= download-template
......
......@@ -120,6 +120,7 @@ server {
location {{ path }} {
# Set CORS header
add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
add_header 'Access-Control-Allow-Credentials' true;
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}}
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!