refactor: remove CORS settings from nginx configuration for improved …

…security
hasadna · Dec 10, 2024 · f545c9c · f545c9c
1 parent c72d9f7
commit f545c9c
Showing 1 changed file with 0 additions and 4 deletions.
diff --git a/nginx-default.conf b/nginx-default.conf
@@ -13,9 +13,5 @@ server {
         add_header Referrer-Policy no-referrer-when-downgrade;
         add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.hasadna.org.il;";
 
-        # CORS settings
-        add_header Access-Control-Allow-Origin "self https://www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com https://fonts.googleapis.com *.hasadna.org.il";
-        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
-        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
     }
 }