CORS fixing + nginx change

README.md

@@ -440,3 +440,26 @@ npx supabase gen types typescript --project-id azmmnxkvjryracrnmhvj --schema pub
 ```
 
 After running, you may need to restart your IDE's TypeScript server to pick up the changes.
+
+
+
+
+# NGINX mime types issue
+
+sudo nano /etc/nginx/mime.types
+
+change
+
+application/javascript                js;
+
+TO
+
+application/javascript                js mjs;
+
+RESTART NGINX
+
+sudo nginx -t
+sudo systemctl reload nginx
+
+
+actually the proper change was to do this in the /etc/nginx/sites-available/flyer-crawler.projectium.com file

etc-nginx-sites-available-flyer-crawler.projectium.com

@@ -0,0 +1,58 @@
+server {
+    # Listen on port 80 for incoming HTTP requests.
+
+    # The root directory where your built application files are located.
+    # This matches the destination in your rsync command.
+    root /var/www/flyer-crawler.projectium.com;
+
+    # The default file to serve if a directory is requested.
+    index index.html;
+
+    # The domain name this configuration applies to.
+    server_name flyer-crawler.projectium.com;
+
+    location / {
+        # This is the crucial part for a Single-Page Application (SPA).
+        # 1. It first tries to serve the requested file ($uri).
+        # 2. If it's a directory, it tries to serve the directory ($uri/).
+        # 3. If neither exists, it falls back to serving /index.html.
+        # This allows your React Router to handle the URL on the client-side.
+        try_files $uri $uri/ /index.html;
+    }
+
+
+    # This block specifically targets requests for .mjs files.
+    location ~ \.mjs$ {
+        # It ensures that these files are served with the correct JavaScript MIME type.
+        # The 'include' directive pulls in the standard MIME types,
+        # and 'default_type' ensures our target type is set.
+        include /etc/nginx/mime.types;
+        default_type application/javascript;
+    }
+
+    # Optional: Add headers to improve security and prevent clickjacking.
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/flyer-crawler.projectium.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/flyer-crawler.projectium.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = flyer-crawler.projectium.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    listen [::]:80;
+    server_name flyer-crawler.projectium.com;
+    return 404; # managed by Certbot
+
+
+}

supabase/functions/_shared/cors.ts

@@ -1,6 +1,10 @@
 // This file provides shared CORS headers for Supabase Edge Functions.
 // It allows the web application to securely call these backend functions.
 export const corsHeaders = {
-  'Access-Control-Allow-Origin': '*',
+  // Allow requests from your specific frontend domain.
+  // Using a wildcard '*' is not secure and doesn't work with authenticated requests.
+  'Access-Control-Allow-Origin': 'https://flyer-crawler.projectium.com',
+  // Specify which methods are allowed for CORS requests.
+  'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
   'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
 };