From ddd2e9487c9e21608f713636c62dd384ee576db7 Mon Sep 17 00:00:00 2001
From: Maarten de Keizer <bitbucket@maartendekeizer.nl>
Date: Fri, 25 Sep 2020 09:03:04 +0200
Subject: [PATCH] Add empty Access-Control-Allow-Origin header so Datapunt load
 ballancer will not this header with wildcard specification

---
 docker/nginx/vhost.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/nginx/vhost.conf b/docker/nginx/vhost.conf
index 6242b51e..04eda541 100644
--- a/docker/nginx/vhost.conf
+++ b/docker/nginx/vhost.conf
@@ -3,6 +3,10 @@ server {
     listen 0.0.0.0:80;
     root /srv/app/public;
 
+    # Sent empty access control header
+    # If we don't sent this empty header Datapunt loadballancer will add an Access-Control-Allow-Origin: * header, which is a security risk
+    add_header Access-Control-Allow-Origin " ";
+
     location / {
         try_files $uri /index.php$is_args$args;
     }
@@ -33,6 +37,10 @@ server {
 
     root /srv/app/public;
 
+    # Sent empty access control header
+    # If we don't sent this empty header Datapunt loadballancer will add an Access-Control-Allow-Origin: * header, which is a security risk
+    add_header Access-Control-Allow-Origin " ";
+
     ssl on;
 
     ssl_certificate /srv/localhost.crt;