From c0924a16da69f770652e26d74254ae828e9e845c Mon Sep 17 00:00:00 2001
From: Torben Sorensen
Date: Thu, 13 Nov 2025 12:56:04 -0800
Subject: [PATCH] CORS fixing + nginx change
---
 README.md | 23 ++++++++
 ...tes-available-flyer-crawler.projectium.com | 58 +++++++++++++++++++
 supabase/functions/_shared/cors.ts | 6 +-
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 etc-nginx-sites-available-flyer-crawler.projectium.com
diff --git a/README.md b/README.md
index 424c9424..8f69ad9b 100644
--- a/README.md
+++ b/README.md
@@ -440,3 +440,26 @@ npx supabase gen types typescript --project-id azmmnxkvjryracrnmhvj --schema pub ``` After running, you may need to restart your IDE's TypeScript server to pick up the changes.
+
+
+
+
+# NGINX mime types issue
+
+sudo nano /etc/nginx/mime.types
+
+change
+
+application/javascript js;
+
+TO
+
+application/javascript js mjs;
+
+RESTART NGINX
+
+sudo nginx -t
+sudo systemctl reload nginx
+
+
+actually the proper change was to do this in the /etc/nginx/sites-available/flyer-crawler.projectium.com file
\ No newline at end of file
diff --git a/etc-nginx-sites-available-flyer-crawler.projectium.com b/etc-nginx-sites-available-flyer-crawler.projectium.com
new file mode 100644
index 00000000..b95a8d92
--- /dev/null
+++ b/etc-nginx-sites-available-flyer-crawler.projectium.com
@@ -0,0 +1,58 @@
+server {
+ # Listen on port 80 for incoming HTTP requests.
+
+ # The root directory where your built application files are located.
+ # This matches the destination in your rsync command.
+ root /var/www/flyer-crawler.projectium.com;
+
+ # The default file to serve if a directory is requested.
+ index index.html;
+
+ # The domain name this configuration applies to.
+ server_name flyer-crawler.projectium.com;
+
+ location / {
+ # This is the crucial part for a Single-Page Application (SPA).
+ # 1. It first tries to serve the requested file ($uri).
+ # 2. If it's a directory, it tries to serve the directory ($uri/).
+ # 3. If neither exists, it falls back to serving /index.html.
+ # This allows your React Router to handle the URL on the client-side.
+ try_files $uri $uri/ /index.html;
+ }
+
+
+ # This block specifically targets requests for .mjs files.
+ location ~ \.mjs$ {
+ # It ensures that these files are served with the correct JavaScript MIME type.
+ # The 'include' directive pulls in the standard MIME types,
+ # and 'default_type' ensures our target type is set.
+ include /etc/nginx/mime.types;
+ default_type application/javascript;
+ }
+
+ # Optional: Add headers to improve security and prevent clickjacking.
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+
+ listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/flyer-crawler.projectium.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/flyer-crawler.projectium.com/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = flyer-crawler.projectium.com) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+ server_name flyer-crawler.projectium.com;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/supabase/functions/_shared/cors.ts b/supabase/functions/_shared/cors.ts
index 2a190624..d6decb17 100644
--- a/supabase/functions/_shared/cors.ts
+++ b/supabase/functions/_shared/cors.ts
@@ -1,6 +1,10 @@
 // This file provides shared CORS headers for Supabase Edge Functions.
 // It allows the web application to securely call these backend functions.
 export const corsHeaders = {
- 'Access-Control-Allow-Origin': '*',
+ // Allow requests from your specific frontend domain.
+ // Using a wildcard '*' is not secure and doesn't work with authenticated requests.
+ 'Access-Control-Allow-Origin': 'https://flyer-crawler.projectium.com',
+ // Specify which methods are allowed for CORS requests.
+ 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
 };
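Review bot: The header block in the TLS server (the three `add_header` lines after the `# Optional:` comment) still sends the legacy `X-XSS-Protection "1; mode=block"` and has no `Strict-Transport-Security`, even though the port 80 server only redirects to HTTPS. Current browsers have removed or ignore the XSS auditor, so I would change that line to `add_header X-XSS-Protection "0" always;` (or drop it) and add `add_header Strict-Transport-Security "max-age=31536000" always;` (example value) once certificate renewal is known to be reliable. nginx inherits server-level `add_header` into a `location` only while that location defines none of its own, so a header added later inside `location /` or the `.mjs` block would silently drop all three there. The first comment, `# Listen on port 80 for incoming HTTP requests.`, no longer matches this block, which listens on 443 only.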
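Review bot: The new comment above `Access-Control-Allow-Origin` reads as if pinning the origin secures the functions, but CORS is enforced only by browsers; a non-browser client can still call the endpoints, so each function has to keep verifying the caller's token itself. I would reword it to `// Restrict browser cross-origin calls to the production frontend; this is not access control, handlers must still verify the caller's token.` The wildcard is rejected by browsers only for credentialed requests (cookies or `credentials: 'include'`), which the second comment line could state precisely instead of "authenticated requests". With a single hard-coded origin, local or preview frontends will presumably fail preflight; if those are needed, compare the request `Origin` against an allowlist and send `Vary: Origin` rather than going back to `*`.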