From 65459ad7844752250d8719f8489533df12106b7f Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 3 Jan 2025 09:22:33 -0700
Subject: [PATCH] Add Access-Control-Max-Age

---
 etc/nginx/conf.d/sites_nextcloud.conf         | 2 ++
 etc/nginx/snippets/cross-origin-security.conf | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/etc/nginx/conf.d/sites_nextcloud.conf b/etc/nginx/conf.d/sites_nextcloud.conf
index 7256189..f50f0e8 100644
--- a/etc/nginx/conf.d/sites_nextcloud.conf
+++ b/etc/nginx/conf.d/sites_nextcloud.conf
@@ -19,6 +19,8 @@ server {
 
     add_header Cross-Origin-Resource-Policy "same-origin" always;
     add_header Cross-Origin-Opener-Policy "same-origin" always;
+    proxy_hide_header Access-Control-Max-Age;
+    add_header Access-Control-Max-Age "600";
 
     location / {
         proxy_pass http://nextcloud:8080;
diff --git a/etc/nginx/snippets/cross-origin-security.conf b/etc/nginx/snippets/cross-origin-security.conf
index 3861307..52f824c 100644
--- a/etc/nginx/snippets/cross-origin-security.conf
+++ b/etc/nginx/snippets/cross-origin-security.conf
@@ -10,4 +10,8 @@ add_header Cross-Origin-Opener-Policy "same-origin" always;
 # Change COEP to "credentialless" when supported by Safari
 # https://developer.mozilla.org/en-US/docs/Web/API/Window/credentialless
 proxy_hide_header Cross-Origin-Embedder-Policy;
-add_header Cross-Origin-Embedder-Policy "require-corp" always;
\ No newline at end of file
+add_header Cross-Origin-Embedder-Policy "require-corp" always;
+
+# Access-Control-Max-Age
+proxy_hide_header Access-Control-Max-Age;
+add_header Access-Control-Max-Age "600";
\ No newline at end of file