From abf540a1cccff0933e0f01e295ee58951bac71d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?= <ivar@getunleash.ai>
Date: Tue, 12 Dec 2023 08:05:32 +0100
Subject: [PATCH] fix: add 'Vary: Origin' header to cors response

---
 src/lib/middleware/conditional-middleware.ts | 1 +
 src/lib/middleware/secure-headers.ts         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/lib/middleware/conditional-middleware.ts b/src/lib/middleware/conditional-middleware.ts
index c548618c20..3a5eb4a249 100644
--- a/src/lib/middleware/conditional-middleware.ts
+++ b/src/lib/middleware/conditional-middleware.ts
@@ -7,6 +7,7 @@ export const conditionalMiddleware = (
     const router = Router();
 
     router.use((req, res, next) => {
+        res.setHeader('Vary', 'Origin');
         if (condition()) {
             middleware(req, res, next);
         } else {
diff --git a/src/lib/middleware/secure-headers.ts b/src/lib/middleware/secure-headers.ts
index efa6245498..2c5cbfe309 100644
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@@ -76,6 +76,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
                 },
             },
             crossOriginEmbedderPolicy: false,
+            originAgentCluster: false,
         });
     }
     return (req, res, next) => {