Closed ThibaudDauce closed 2 months ago
No it just indicate to Nginx to cache by the origin header. So if two request with the same Origin
header are sent, Nginx is allowed to reuse the cached response (as I understand it)
Perfect, then! Thank you
If the first request doesn't have an
Origin
we don't set theVary: Origin
so Nginx put the response in cache. Then if a cross origin request the same URL, Nginx returns the same response without theAccess-Control-Allow-Origin
.The other solution could be to always return
Access-Control-Allow-Origin: *
for all API route instead of dynamic responding with theAccess-Control-Allow-Origin: doc.data.gouv.fr
for each origin.