From ee4c97bab4eac4fe257ce287eb70d37a80a62692 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Tue, 18 Aug 2015 04:24:21 +0000
Subject: [PATCH] w3c recommends detecting the client origin and echoing it
 back to them if it matches ours.

---
 roles/bodhi2/base/templates/bodhi-app.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/bodhi2/base/templates/bodhi-app.conf b/roles/bodhi2/base/templates/bodhi-app.conf
index c3d0483737..4cafd3633a 100644
--- a/roles/bodhi2/base/templates/bodhi-app.conf
+++ b/roles/bodhi2/base/templates/bodhi-app.conf
@@ -2,8 +2,8 @@ Alias /static /usr/lib/python2.7/site-packages/bodhi/static/
 
 <Directory /usr/lib/python2.7/site-packages/bodhi/static>
     # modern browsers require that fonts have this
-    Header set Access-Control-Allow-Origin "https://*.fedoraproject.org"
-    Header set Access-Control-Allow-Origin "http://*.fedoraproject.org"
+    SetEnvIf Origin "^http(s)?://(.+\.)?fedoraproject\.org$" AccessControlAllowOrigin=$0
+    Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin} env=AccessControlAllowOrigin
 </Directory>
 
 WSGIDaemonProcess bodhi user=bodhi group=bodhi display-name=bodhi processes={{wsgi_procs}} threads={{wsgi_threads}}