Commit c6119962 authored by Alain Takoudjou's avatar Alain Takoudjou

gitlab: set allow Credentials to in nginx configuration

Allow origin is now set to the http_origin because origin "*" will fail if
withCredentials is set in the request header
parent 494e8d3f
...@@ -101,7 +101,7 @@ configuration.nginx_gzip_comp_level = 2 ...@@ -101,7 +101,7 @@ configuration.nginx_gzip_comp_level = 2
configuration.nginx_gzip_proxied = any configuration.nginx_gzip_proxied = any
configuration.nginx_gzip_types = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json configuration.nginx_gzip_types = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
configuration.nginx_keepalive_timeout = 65 configuration.nginx_keepalive_timeout = 65
configuration.nginx_header_allow_origin = * configuration.nginx_header_allow_origin = $http_origin
# configuring trusted proxies # configuring trusted proxies
# GitLab is behind a reverse proxy, so we don't want the IP address of the proxy # GitLab is behind a reverse proxy, so we don't want the IP address of the proxy
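Review bot: Defaulting `configuration.nginx_header_allow_origin` to `$http_origin` makes nginx echo back whatever Origin the caller sends. Combined with the `Access-Control-Allow-Credentials` header added in the nginx template hunk of this commit (`location {{ path }}`), any website can then make credentialed cross-origin requests on behalf of a logged-in user and read the responses. Browsers refuse `*` with credentials to prevent exactly this, so the default should resolve only to trusted origins, for example through an nginx `map` on `$http_origin` that yields an empty value for anything not on an allowlist. At minimum the parameter deserves a comment such as `# $http_origin reflects any caller's Origin; restrict to trusted origins when credentials are allowed`.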
......
...@@ -293,7 +293,7 @@ md5sum = 7782f5c5d75663c2586e28d029c51e49 ...@@ -293,7 +293,7 @@ md5sum = 7782f5c5d75663c2586e28d029c51e49
[gitlab-parameters.cfg] [gitlab-parameters.cfg]
<= download-file <= download-file
md5sum = dec5d989e2d969369bd1eaffcbfb78d6 md5sum = 8f4537cb8a0c9a8e0058c30cb687681c
[gitlab-shell-config.yml.in] [gitlab-shell-config.yml.in]
<= download-template <= download-template
...@@ -325,7 +325,7 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4 ...@@ -325,7 +325,7 @@ md5sum = a56a44e96f65f5ed20211bb6a54279f4
[nginx-gitlab-http.conf.in] [nginx-gitlab-http.conf.in]
<= download-template <= download-template
md5sum = 697140d980c75ddc1dd0a656b1c88447 md5sum = abcc5eda03e10b26c74619f299a7f6a8
[nginx.conf.in] [nginx.conf.in]
<= download-template <= download-template
......
...@@ -120,6 +120,7 @@ server { ...@@ -120,6 +120,7 @@ server {
location {{ path }} { location {{ path }} {
# Set CORS header # Set CORS header
add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }}; add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
add_header 'Access-Control-Allow-Credentials' true;
## If you use HTTPS make sure you disable gzip compression ## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack. ## to be safe against BREACH attack.
{{ 'gzip off;' if cfg_https else ''}} {{ 'gzip off;' if cfg_https else ''}}
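Review bot: Because the allow-origin value can now differ per request, the `location {{ path }}` block should also send `add_header 'Vary' 'Origin';` next to the new `Access-Control-Allow-Credentials` line. Without it, a shared cache or the browser cache may replay a response that names one origin to a different one. The `add_header` lines visible here also lack `always`, so error responses would presumably go out without the CORS headers; confirm whether that is intended. The server block starts and ends outside the hunk.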
......