Update site.py

web/utils/site.py

@@ -1515,6 +1515,7 @@ class sites(object):
 
         tpl = "#PROXY-START\n\
 location ^~ {from} {\n \
+    {cors}\n\
     proxy_pass {to};\n \
     proxy_set_header Host {host};\n \
     proxy_ssl_server_name on;\n \
@@ -1526,7 +1527,6 @@ location ^~ {from} {\n \
     proxy_http_version 1.1;\n \
     \n \
     add_header X-Cache $upstream_cache_status;\n \
-    {cors}\n \
     \n \
     {proxy_cache}\n \
 }\n\
@@ -1556,10 +1556,13 @@ location ^~ {from} {\n \
     }\n\
 "
         tpl_proxy_cors = "\n\
-    add_header 'Access-Control-Allow-Methods' 'GET,OPTIONS,POST' always;\n \
-    add_header 'Access-Control-Allow-Credentials' 'true';\n \
-    add_header 'Access-Control-Allow-Origin' *;\n \
-    add_header 'Access-Control-Allow-Headers' *;\n \
+    add_header Access-Control-Allow-Origin *;\
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';\
+    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';\
+    add_header X-Cache $upstream_cache_status;\
+    if ($request_method = 'OPTIONS') {\
+        return 204;\
+    }\
 "
 
         # replace
@@ -1579,7 +1582,7 @@ location ^~ {from} {\n \
         if open_cors == 'on':
             tpl = tpl.replace("{cors}", tpl_proxy_cors, 999)
         else:
-            tpl = tpl.replace("{cors}", tpl_proxy_cors, 999)
+            tpl = tpl.replace("{cors}", '', 999)
 
 
         conf_proxy = "{}/{}.conf".format(self.getProxyPath(site_name), proxy_id)