diff --git a/dispatcher/src/conf.d/available_vhosts/wknd.vhost b/dispatcher/src/conf.d/available_vhosts/wknd.vhost index 199e54b1f3..2cdc8235c0 100644 --- a/dispatcher/src/conf.d/available_vhosts/wknd.vhost +++ b/dispatcher/src/conf.d/available_vhosts/wknd.vhost @@ -41,8 +41,6 @@ Include conf.d/variables/custom.vars SetEnvIfExpr "req_novary('Access-Control-Request-Method') != '' && %{REQUEST_METHOD} == 'OPTIONS' && req_novary('Origin') != ''" CORSType=preflight CORSProcessing=true CORSTrusted=false SetEnvIfExpr "req_novary('Origin') -strcmatch 'https://%{HTTP_HOST}*'" CORSType=samedomain CORSProcessing=false CORSTrusted=true SetEnvIfExpr "req_novary('Origin') -strcmatch 'http://%{HTTP_HOST}*'" CORSType=samedomain CORSProcessing=false CORSTrusted=true - #SetEnvIfExpr "env('origin_host') == env('my_request_host')" CORSType=samedomain CORSProcessing=false CORSTrusted=true - # For requests that require CORS processing, check if the Origin can be trusted SetEnvIfExpr "%{HTTP_HOST} =~ /(.*)/ " ParsedHost=$1 @@ -80,10 +78,10 @@ Include conf.d/variables/custom.vars Header always set Access-Control-Allow-Headers "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers" "expr=reqenv('CORSTrusted') == 'true'" # Uncomment while debugging - Header always set Debug-CORSProcessing "true" "expr=reqenv('CORSProcessing') == 'true'" - Header always set Debug-CORSProcessing "false" "expr=reqenv('CORSProcessing') == 'false'" - Header always set Debug-CORSTrusted "false" "expr=reqenv('CORSTrusted') == 'false'" - Header always set Debug-CORSTrusted "true" "expr=reqenv('CORSTrusted') == 'true'" + # Header always set Debug-CORSProcessing "true" "expr=reqenv('CORSProcessing') == 'true'" + # Header always set Debug-CORSProcessing "false" "expr=reqenv('CORSProcessing') == 'false'" + # Header always set Debug-CORSTrusted "false" "expr=reqenv('CORSTrusted') == 'false'" + # Header always set Debug-CORSTrusted "true" "expr=reqenv('CORSTrusted') == 'true'" # Non-CORS or Not Trusted Header unset Access-Control-Allow-Credentials "expr=reqenv('CORSProcessing') == 'false' || reqenv('CORSTrusted') == 'false'"