From fdf5f795da6a1722ad430f2b9a07f138d6cc62eb Mon Sep 17 00:00:00 2001
From: Untone <anton.rewin@gmail.com>
Date: Tue, 17 Dec 2024 20:09:39 +0300
Subject: [PATCH] corsfix5

---
 nginx.conf.sigil | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index 7a42f984..0270e178 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -53,19 +53,17 @@ server {
         {{ $proxy_settings }}
         {{ $gzip_settings }}
 
-        if ($allow_origin != "") {
-            add_header "Access-Control-Allow-Origin" $allow_origin always;
-            add_header "Access-Control-Allow-Credentials" "true" always;
-            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS" always;
-            add_header "Access-Control-Allow-Headers" "Authorization, Content-Type, X-Requested-With, DNT, Cache-Control" always;
-        }
-
-        if ($request_method = "OPTIONS") {
-            add_header "Access-Control-Allow-Origin" $allow_origin always;
-            add_header "Access-Control-Allow-Credentials" "true" always;
-            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS" always;
-            add_header "Access-Control-Allow-Headers" "Authorization, Content-Type, X-Requested-With, DNT, Cache-Control" always;
-            add_header "Access-Control-Max-Age" 1728000;
+        proxy_hide_header 'Access-Control-Allow-Origin';
+        
+        add_header 'Access-Control-Allow-Origin' $allow_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, DNT, Cache-Control' always;
+        add_header 'Access-Control-Max-Age' '1728000' always;
+        
+        if ($request_method = 'OPTIONS') {
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            add_header 'Content-Length' 0;
             return 204;
         }
 
@@ -83,16 +81,18 @@ server {
     location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
         expires 30d;
         add_header Cache-Control "public, no-transform";
+        add_header 'Access-Control-Allow-Origin' $allow_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, DNT, Cache-Control' always;
     }
 
     location ~* \.(mp3)$ {
-        if ($request_method = 'GET') {
-            add_header 'Access-Control-Allow-Origin' $allow_origin always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-        }
+        add_header 'Access-Control-Allow-Origin' $allow_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, DNT, Cache-Control' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
     }
 
     error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;