From 9148bb3463941bfe3fdfecd4dc7d627b1f2babe4 Mon Sep 17 00:00:00 2001 From: Katarina Date: Tue, 15 Jul 2025 16:15:10 +0200 Subject: [PATCH] Amend CORS --- docker/Dockerfile | 8 +++---- docker/entrypoint.sh | 10 +++++++-- nginx.conf => nginx.conf.template | 37 ++++++++++++++++++++++++++++++- src/api/index.ts | 8 ++++++- vite.config.ts | 10 --------- 5 files changed, 55 insertions(+), 18 deletions(-) rename nginx.conf => nginx.conf.template (51%) diff --git a/docker/Dockerfile b/docker/Dockerfile index 541c917..1afd32b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -18,13 +18,13 @@ RUN mkdir -p /runtime-config && \ USER nginx # Copy built assets -COPY --from=builder --chown=nginx:nginx /app/dist /usr/share/nginx/html +COPY --chown=nginx:nginx dist /usr/share/nginx/html -# Copy our custom nginx config -COPY nginx.conf /etc/nginx/nginx.conf +# Copy nginx config template +COPY --chown=nginx:nginx nginx.conf.template /etc/nginx/templates/ # Copy entrypoint script -COPY docker/entrypoint.sh /entrypoint.sh +COPY --chown=nginx:nginx docker/entrypoint.sh /entrypoint.sh # Make entrypoint executable USER root diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 4799161..d63031e 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -4,10 +4,16 @@ set -e # Create runtime config file in writable location cat > /runtime-config/config.js < /etc/nginx/nginx.conf +fi + # Start Nginx exec nginx -g "daemon off;" \ No newline at end of file diff --git a/nginx.conf b/nginx.conf.template similarity index 51% rename from nginx.conf rename to nginx.conf.template index c4686ed..ddfd22f 100644 --- a/nginx.conf +++ b/nginx.conf.template @@ -18,16 +18,33 @@ http { fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; + absolute_redirect off; + + map $http_origin $cors_origin { + default ""; + "~*" $http_origin; + } + + upstream backend { + server localhost:8080; + } server { - listen 8080; + listen 7070; server_name localhost; root /usr/share/nginx/html; index index.html; # Handle client-side routing location / { + root /usr/share/nginx/html; + index index.html; try_files $uri $uri/ /index.html; + + # Security headers + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "DENY"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; } # Serve config.js from the writable location @@ -37,6 +54,24 @@ http { access_log off; } + location /api/ { + # Proxy to Quarkus + proxy_pass http://backend/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Relay CORS headers from the backend + proxy_pass_header Access-Control-Allow-Origin; + proxy_pass_header Access-Control-Allow-Methods; + proxy_pass_header Access-Control-Allow-Headers; + proxy_pass_header Access-Control-Allow-Credentials; + } + # Cache static assets location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { expires 1y; diff --git a/src/api/index.ts b/src/api/index.ts index 0bc5ac8..b597ee2 100644 --- a/src/api/index.ts +++ b/src/api/index.ts @@ -1,7 +1,13 @@ import axios from "axios"; import {userManager} from "../stores/auth.ts"; +import {getConfig} from "@/util/config.ts"; -const axiosInstance = axios.create() +const axiosInstance = axios.create({ + baseURL: getConfig().API_BASE_URL || '/api', + headers: { + 'Content-Type': 'application/json' + } +}) axiosInstance.interceptors.request.use(async (config) => { const user = await userManager.getUser() diff --git a/vite.config.ts b/vite.config.ts index 7007ce2..5019edb 100644 --- a/vite.config.ts +++ b/vite.config.ts @@ -24,16 +24,6 @@ export default defineConfig({ '@': path.resolve(__dirname, './src'), } }, - server: { - proxy: { - '/api': { - target: 'http://dex-be:8080', - changeOrigin: true, - secure: true, - rewrite: (path) => path.replace(/^\/api/, '') - } - } - }, build: { // @ts-ignore assetsInclude: [