From dcc7960fef3d48cc66ea515c7fdf0e61bfc80379 Mon Sep 17 00:00:00 2001
From: Kenan Erdogan <kenanerdogan@gmail.com>
Date: Thu, 20 Feb 2020 13:11:54 +0100
Subject: [PATCH] gesis.mybinder.org build redirect: allow all origins if
 request as no origin, otherwise allow only value of request origin
 (https://github.com/jupyterhub/mybinder.org-deploy/issues/1344)

---
 load_balancer/sites-available/gesis_mybinder | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/load_balancer/sites-available/gesis_mybinder b/load_balancer/sites-available/gesis_mybinder
index af2a90c9..3a81ce27 100644
--- a/load_balancer/sites-available/gesis_mybinder
+++ b/load_balancer/sites-available/gesis_mybinder
@@ -1,3 +1,8 @@
+map $http_origin $allowed_origin {
+    default $http_origin;
+    "" "*";
+}
+
 # HTTP server to redirect gesis.mybinder.org 80 traffic to SSL/HTTPS
 server {
     listen 80;
@@ -42,7 +47,7 @@ server {
         limit_except GET {
             deny  all;
         }
-        add_header Access-Control-Allow-Origin $http_origin;
+        add_header Access-Control-Allow-Origin $allowed_origin;
         add_header Vary Origin;
         add_header "Access-Control-Allow-Credentials"  "true";
         add_header 'Access-Control-Allow-Headers' 'cache-control';