matrix-nginx-proxy: specify Origin header, comply with CORS

Self-checks against the .well-known URIs look for the HTTP header
"Access-Control-Allow-Origin" indicating that the remode endpoint
supports CORS. But the remote server is not required to include
said header in the response if the HTTP request does not include
the "Origin" header. This is in accordance with the specification
[1] stating: 'A CORS request is an HTTP request that includes an
"Origin" header.'

This is in fact true for Gitlab pages hosting and that's why the
issue was identified.

Let's specify "Origin" header in the respective uri tasks performing
the HTTP request and ensure a CORS request.

[1] https://fetch.spec.whatwg.org/#http-requests
This commit is contained in:
Alexandros Afentoulis 2021-03-15 11:22:37 +02:00 committed by Alexandros Afentoulis
parent 7215fd4319
commit 28c255539c

View file

@ -12,6 +12,8 @@
follow_redirects: none follow_redirects: none
return_content: true return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}" validate_certs: "{{ well_known_file_check.validate_certs }}"
headers:
Origin: example.com
check_mode: no check_mode: no
register: result_well_known_matrix register: result_well_known_matrix
ignore_errors: true ignore_errors: true
@ -40,6 +42,8 @@
follow_redirects: "{{ well_known_file_check.follow_redirects }}" follow_redirects: "{{ well_known_file_check.follow_redirects }}"
return_content: true return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}" validate_certs: "{{ well_known_file_check.validate_certs }}"
headers:
Origin: example.com
check_mode: no check_mode: no
register: result_well_known_identity register: result_well_known_identity
ignore_errors: true ignore_errors: true