Greg/WeightTracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: disable auth for data API endpoints and add CORS preflight handling

Browse Source
This commit is contained in:
Greg 2025-05-27 01:03:21 +02:00
parent 20b5e4b06f
commit cd46d581b5
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
nginx.conf
View File

@ -44,8 +44,10 @@ server {
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
}
# Proxy requests to the data API
# Proxy requests to the data API - no auth required for API endpoints
location /data/ {
# No authentication for data API to allow the app to save/load data
auth_basic off; # Explicitly disable auth for data API
proxy_pass http://localhost:3000/data/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
@ -59,6 +61,17 @@ server {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
# Handle preflight requests for the API
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# Enable browser caching for static assets