Tomas Dvorak
2025-10-23 14:39:42 +02:00
parent e6bc2eedb3
commit 025f5beef1
2 changed files with 32 additions and 5 deletions
+16 -5
@@ -4,6 +4,7 @@ import (
"database/sql"
"log"
"os"
"net/http"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
@@ -42,17 +43,27 @@ func main() {
r.Use(cors.New(cors.Config{
AllowOrigins: []string{"*"},
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"},
AllowHeaders: []string{"*"},
AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With", "Range", "Accept-Language", "Accept-Encoding", "Cache-Control", "Pragma", "If-Modified-Since"},
ExposeHeaders: []string{"*"},
AllowCredentials: false, // Must be false when using wildcard origins
AllowOriginFunc: func(origin string) bool {
return true // Allow all origins
},
AllowCredentials: false,
AllowOriginFunc: func(origin string) bool { return true },
}))
// Routes
setupRoutes(r)
// Global preflight handler for any path
r.OPTIONS("/*path", func(c *gin.Context) {
c.Header("Access-Control-Allow-Origin", "*")
c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD")
reqHeaders := c.GetHeader("Access-Control-Request-Headers")
if reqHeaders == "" {
reqHeaders = "Origin, Content-Type, Accept, Authorization, X-Requested-With, Range, Accept-Language, Accept-Encoding, Cache-Control, Pragma, If-Modified-Since"
}
c.Header("Access-Control-Allow-Headers", reqHeaders)
c.Status(http.StatusNoContent)
})
// Start server
port := os.Getenv("PORT")
if port == "" {
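Review bot: The catch-all `OPTIONS` handler copies the client's `Access-Control-Request-Headers` value straight into `Access-Control-Allow-Headers`, so for any preflight that reaches it the explicit header list this commit adds to `cors.Config` limits nothing, and `Access-Control-Allow-Origin` is hard-coded to `*`. Answer with the fixed list instead: hoist the fallback string into a constant (say `defaultAllowHeaders`) and use `c.Header("Access-Control-Allow-Headers", defaultAllowHeaders)`. Because that list includes `Authorization`, allowed origins would be better read from configuration than accepted through `AllowOriginFunc: func(origin string) bool { return true }`. Whether this route is reached at all when the cors middleware already answers preflights cannot be told from the hunk; `main` continues outside it.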
+16
@@ -16,6 +16,15 @@ server {
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' '*' always;
add_header 'Access-Control-Max-Age' '3600' always;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API proxy to backend
@@ -50,6 +59,12 @@ server {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' '*' always;
add_header 'Access-Control-Max-Age' '3600' always;
if ($request_method = 'OPTIONS') {
return 204;
}
try_files $uri $uri/ /index.html;
}
@@ -59,3 +74,4 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
}
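Review bot: Both locations touched here define their own `add_header` set, and nginx inherits `add_header` from the enclosing level only when the current level defines none. So the `X-Content-Type-Options` and `X-XSS-Protection` headers in the last hunk, which appear to sit at server level, would not be sent for static assets or for the `try_files` location. Repeat them where needed, e.g. `add_header X-Content-Type-Options "nosniff" always;` inside each location, or move the shared set into an included snippet. Separately, `Access-Control-Expose-Headers '*'` combined with `Access-Control-Allow-Origin '*'` on the `try_files` location lets a script from any origin read every response header; a comment such as `# public content only: nothing user-specific may be served from this location` would record that assumption.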