mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 06:48:07 +00:00
Remove ineffective Access-Control-Allow-Origin header
The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. For reference: https://github.com/pi-hole/pi-hole/issues/3462 Signed-off-by: MichaIng <micha@dietpi.com>
This commit is contained in:
parent
43b88cd628
commit
3ef90a9e47
@ -78,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" {
|
||||
"X-Pi-hole" => "The Pi-hole Web interface is working!",
|
||||
"X-Frame-Options" => "DENY"
|
||||
)
|
||||
|
||||
$HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
|
||||
# Allow Block Page access to local fonts
|
||||
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
|
||||
}
|
||||
}
|
||||
|
||||
# Block . files from being served, such as .git, .github, .gitignore
|
||||
|
@ -86,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" {
|
||||
"X-Pi-hole" => "The Pi-hole Web interface is working!",
|
||||
"X-Frame-Options" => "DENY"
|
||||
)
|
||||
|
||||
$HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
|
||||
# Allow Block Page access to local fonts
|
||||
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
|
||||
}
|
||||
}
|
||||
|
||||
# Block . files from being served, such as .git, .github, .gitignore
|
||||
|
Loading…
Reference in New Issue
Block a user