diff --git a/templates/nginx/galaxy-main.j2 b/templates/nginx/galaxy-main.j2 index 75c2fc016..912a5c08a 100644 --- a/templates/nginx/galaxy-main.j2 +++ b/templates/nginx/galaxy-main.j2 @@ -77,6 +77,10 @@ server { add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; + # Add upstream response headers that would otherwise be omitted + add_header Access-Control-Allow-Origin $upstream_http_access_control_allow_origin; + add_header Access-Control-Allow-Methods $upstream_http_access_control_allow_methods; + # CORS if ($http_origin ~ "^https?://(covid19map\.elixir-luxembourg\.org|avivator\.gehlenborglab\.org|www\.bx\.psu\.edu)$") { add_header Access-Control-Allow-Origin $http_origin; diff --git a/templates/nginx/galaxy-test.j2 b/templates/nginx/galaxy-test.j2 index 2db23ce61..d184f1e80 100644 --- a/templates/nginx/galaxy-test.j2 +++ b/templates/nginx/galaxy-test.j2 @@ -57,6 +57,10 @@ server { add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; + # Add upstream response headers that would otherwise be omitted + add_header Access-Control-Allow-Origin $upstream_http_access_control_allow_origin; + add_header Access-Control-Allow-Methods $upstream_http_access_control_allow_methods; + # CORS if ($http_origin ~ "^https?://(covid19map\.elixir-luxembourg\.org|www\.bx\.psu\.edu)$") { add_header Access-Control-Allow-Origin $http_origin;