From 28c255539c1d51cc236e256cbf64b78538925e5b Mon Sep 17 00:00:00 2001
From: Alexandros Afentoulis <github@bloom.re>
Date: Mon, 15 Mar 2021 11:22:37 +0200
Subject: [PATCH] matrix-nginx-proxy: specify Origin header, comply with CORS

Self-checks against the .well-known URIs look for the HTTP header
"Access-Control-Allow-Origin" indicating that the remode endpoint
supports CORS. But the remote server is not required to include
said header in the response if the HTTP request does not include
the "Origin" header. This is in accordance with the specification
[1] stating: 'A CORS request is an HTTP request that includes an
"Origin" header.'

This is in fact true for Gitlab pages hosting and that's why the
issue was identified.

Let's specify "Origin" header in the respective uri tasks performing
the HTTP request and ensure a CORS request.

[1] https://fetch.spec.whatwg.org/#http-requests
---
 roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
index 2cf1ef064..6f831a290 100644
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
@@ -12,6 +12,8 @@
     follow_redirects: none
     return_content: true
     validate_certs: "{{ well_known_file_check.validate_certs }}"
+    headers:
+      Origin: example.com
   check_mode: no
   register: result_well_known_matrix
   ignore_errors: true
@@ -40,6 +42,8 @@
     follow_redirects: "{{ well_known_file_check.follow_redirects }}"
     return_content: true
     validate_certs: "{{ well_known_file_check.validate_certs }}"
+    headers:
+      Origin: example.com
   check_mode: no
   register: result_well_known_identity
   ignore_errors: true