pkartch/basil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

fix: add CORS headers to nginx proxy configuration
Some checks failed
CI Pipeline / Lint Code (push) Has been cancelled
Details
CI Pipeline / Test API Package (push) Has been cancelled
Details
CI Pipeline / Test Web Package (push) Has been cancelled
Details
CI Pipeline / Test Shared Package (push) Has been cancelled
Details
Docker Build & Deploy / Build Docker Images (push) Has been cancelled
Details
E2E Tests / End-to-End Tests (push) Has been cancelled
Details
E2E Tests / E2E Tests (Mobile) (push) Has been cancelled
Details
Security Scanning / NPM Audit (push) Has been cancelled
Details
Security Scanning / Dependency License Check (push) Has been cancelled
Details
Security Scanning / Code Quality Scan (push) Has been cancelled
Details
Security Scanning / Docker Image Security (push) Has been cancelled
Details
CI Pipeline / Build All Packages (push) Has been cancelled
Details
CI Pipeline / Generate Coverage Report (push) Has been cancelled
Details
Docker Build & Deploy / Push Docker Images (push) Has been cancelled
Details
Docker Build & Deploy / Deploy to Staging (push) Has been cancelled
Details
Docker Build & Deploy / Deploy to Production (push) Has been cancelled
Details
Security Scanning / Security Summary (push) Has been cancelled
Details

Browse Source 
Added comprehensive CORS headers to the nginx proxy configuration to
fix network errors when the frontend tries to fetch from the API.

Changes:
- Added Access-Control-Allow-Origin header with dynamic origin
- Added Access-Control-Allow-Methods for all needed HTTP methods
- Added Access-Control-Allow-Headers for Content-Type and Authorization
- Added Access-Control-Allow-Credentials for cookie support
- Added X-Forwarded-Proto header to pass HTTPS scheme to backend
- Implemented preflight OPTIONS request handling

This resolves "NetworkError when attempting to fetch resource" errors
in the browser by ensuring proper CORS handling at the nginx level.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Paul R Kartchner
2025-11-26 15:42:45 +00:00
parent 1d20d75069
commit 35a3088c30
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
packages/web/nginx.conf
View File

@@ -19,7 +19,30 @@ server {
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin $http_origin;
client_max_body_size 20M; client_max_body_size 20M;
# Pass through CORS headers from API
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Credentials;
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Allow-Credentials "true" always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
} }
# Proxy uploads requests to backend # Proxy uploads requests to backend