dev-stack: front pict-rs with nginx CORS sidecar
Some checks failed
ci / regtest (push) Has been cancelled
Some checks failed
ci / regtest (push) Has been cancelled
pict-rs itself doesn't emit Access-Control-* headers; production papers over that with an nginx vhost (deploy/server-deploy/modules/services/ pict-rs.nix), which the dev compose was claiming to mirror but didn't. Cross-origin uploads from the webapp dev server got blocked. Move pict-rs to internal-only (`expose`) and add a pict-rs-nginx sidecar publishing :6033, reusing the exact CORS block from the prod nix module. Closes the dev/prod divergence so browser upload behavior matches between local and deployed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
c3a832cf27
commit
5c2af3405e
2 changed files with 64 additions and 5 deletions
41
pict-rs-nginx.conf
Normal file
41
pict-rs-nginx.conf
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
events {}
|
||||
|
||||
http {
|
||||
# Mirrors deploy/server-deploy/modules/services/pict-rs.nix so the dev
|
||||
# stack speaks the same CORS contract as production. Webapps (Vite
|
||||
# dev server on a different origin) need preflight handling and the
|
||||
# Access-Control-* headers on responses.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
|
||||
client_max_body_size 50M;
|
||||
|
||||
location / {
|
||||
proxy_pass http://pict-rs:6033;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_read_timeout 30s;
|
||||
|
||||
add_header Access-Control-Allow-Origin "*" always;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" always;
|
||||
add_header Access-Control-Max-Age 86400 always;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS";
|
||||
add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With";
|
||||
add_header Access-Control-Max-Age 86400;
|
||||
add_header Content-Length 0;
|
||||
add_header Content-Type text/plain;
|
||||
return 204;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue