how to restrict Access-Control-Allow-Origin : * when deploying application using tomcat and nginx in AWS

Question

We are deploying application in AWS using nginx and tomcat. It is Grails 3 application. We want to restrict the Access-Control-Allow-Origin to only domain that we allow rather than *.

We have added some change in nginx conf file but it is adding additional header as Access-Control-Allow-Origin: https://*.xyz and keep Access-Control-Allow-Origin: *. So basically sending two Access-Control-Allow-Origin header. The application is behind application load balancer.

Add your nginx config (omitting the private parts) to your question. — Ivan Shatsky, Nov 18 '20 at 18:09

score 0 · Answer 1 · answered Feb 02 '21 at 22:24

0

I noticed that additional Access-Control-Allow-Origin: * is coming from siteminder server rather than nginx or ALB.

answered Feb 02 '21 at 22:24

arvind

106
7

how to restrict Access-Control-Allow-Origin : * when deploying application using tomcat and nginx in AWS

1 Answers1