From 90149308ffb7ba27c2ab91c576d5c4624544e8a5 Mon Sep 17 00:00:00 2001
From: Robert Shilston <robert@shilston.com>
Date: Wed, 21 Apr 2021 10:52:56 +0100
Subject: [PATCH] Ensure vary header is always set

This supports the use of flask-cors behind intermediate caches / CDNs.
---
 flask_cors/core.py | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/flask_cors/core.py b/flask_cors/core.py
index 7654cb1..9a9af3d 100644
--- a/flask_cors/core.py
+++ b/flask_cors/core.py
@@ -208,15 +208,9 @@ def get_cors_headers(options, request_headers, request_method):
 
     # http://www.w3.org/TR/cors/#resource-implementation
     if options.get('vary_header'):
-        # Only set header if the origin returned will vary dynamically,
-        # i.e. if we are not returning an asterisk, and there are multiple
-        # origins that can be matched.
-        if headers[ACL_ORIGIN] == '*':
-            pass
-        elif (len(options.get('origins')) > 1 or
-              len(origins_to_set) > 1 or
-              any(map(probably_regex, options.get('origins')))):
-            headers.add('Vary', 'Origin')
+        # Always set a vary header, so that intermediate caches know
+        # that there might be varying versions of this resource.
+        headers.add('Vary', 'Origin')
 
     return MultiDict((k, v) for k, v in headers.items() if v)