Fix db-dump config

PhilippMDoerner · PhilippMDoerner · commit b20a319b5cd1 · 2024-12-31T23:36:21.000+01:00
diff --git a/buildFiles/nginx/nginx_prod.conf b/buildFiles/nginx/nginx_prod.conf
@@ -37,6 +37,16 @@ http {
     proxy_send_timeout 600;
 
     #gzip  on;
+    
+    # Default: Nginx does not set empty string headers, therefore no header will be set
+    # Second regex matches localhost:XXXX
+    # This map block tries to match the contents of http_origin against the regexes below. 
+    # If a regex matches, the value under $allow_origin is put into the $allow_origin variable.
+    map     "$http_origin"                                $allow_origin {
+            default                                     '';
+            "~^https?:\/\/(.*\.)?aldrune.com(:\d+)?$"   "$http_origin";
+            "~^https?:\/\/(.*\.)?localhost(:\d+)?$"     "$http_origin"; 
+    }
 
     server {
         listen 80;
@@ -60,14 +70,16 @@ http {
 
         root /frontend;
         
-                    
         gzip on;
         gzip_vary on;
         gzip_min_length 1000;
         gzip_proxied any;
         gzip_comp_level 9;
         gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/xml+rss;
 
+        # Allows the origin of the request if it matched any of the regular expressions in the block `map $http_origin $allow_origin`
+        add_header 'Access-Control-Allow-Origin' $allow_origin; 
+        
         # Config stuff
         location /nginx_status {
             # Enable Nginx stats
@@ -81,15 +93,13 @@ http {
         # Image files
         location /media/ {
             #CORS
-            add_header Access-Control-Allow-Origin '*';
             add_header Cache-Control 'public, max-age=604800';  # cache for 1 week
 
             alias /imagemedia/;
         }
 
         location /campaign_icons/ {
             #CORS
-            add_header Access-Control-Allow-Origin '*';
             add_header Cache-Control 'public, max-age=604800';  # cache for 1 week
 
             alias /imagemedia/campaign_icons/;
@@ -115,7 +125,6 @@ http {
         # Serves audiofiles for streaming
         location /session_audio/ {
             #CORS
-            add_header Access-Control-Allow-Origin '*';
             alias /session_audio/;
         }
 
@@ -132,10 +141,10 @@ http {
             report_uploads uploads;
         }
         
-        location /db_dumps/ {
+        location /wiki1/api/db_dumps/ {
+
             # Serves files from /db_dumps/ but checks for authentication first
             auth_request /auth ;
-            add_header Access-Control-Allow-Origin '*';
             add_header Cache-Control 'public, max-age=21600';  # cache for 6h
             alias /db_dumps/;
         }
@@ -155,6 +164,8 @@ http {
         location /wiki1/api {
             rewrite ^/wiki1/api/(.*) /$1  break; #Removes "/wiki1/api" from the url for the web-application-server
             
+            add_header Access-Control-Allow-Credentials true;
+
             proxy_pass http://nswebserver:8080; #Hands request over to localhost:8080 where the web-application server is
             proxy_set_header Host $host;
             proxy_send_timeout          300s;
@@ -167,8 +178,6 @@ http {
         # Serves the frontend which is an angular application        
         location /wiki2 {
             # CORS
-            add_header Access-Control-Allow-Origin '*';
-
             # Cache headers
             add_header Cache-Control 'public, max-age=86400';  # cache for 1 day
 
