Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx appears to add an automatic `Access-Control-Allow-Origin: *` based on User Agents?
$ curl -i --user user:secret 'https://api.example.com' -H 'User-Agent: Mozilla/5.0'
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Jul 2014 17:55:43 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2869
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://example.com
$ curl -i --user user:secret 'https://api.example.com'
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Jul 2014 17:56:44 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 2869
Connection: keep-alive
Access-Control-Allow-Origin: https://example.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.