diff --git a/conf/nginx.conf b/conf/nginx.conf index 5614de6..7683fe8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,7 +5,7 @@ set $api_domain "__DOMAIN__"; set $files_domain "__DOMAIN__"; ssl_ecdh_curve secp384r1; more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'"; -more_set_headers "'Access-Control-Allow-Credentials' true"; +more_set_headers "Access-Control-Allow-Credentials: true"; more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; root __INSTALL_DIR__/; @@ -74,7 +74,7 @@ location ~ ^/api/.*$ { location ~ ^/(blob|block)/.*$ { if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; - more_set_headers "'Access-Control-Allow-Credentials' true"; + more_set_headers "Access-Control-Allow-Credentials: true"; more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"; more_set_headers "Access-Control-Max-Age: 1728000";