CitrineOS Operator UI fully working - direct Hasura connection, no proxy needed

2026-06-10 23:55:58 -04:00
parent a69c8bef42
commit 21caee3b79
2 changed files with 21 additions and 34 deletions
--- a/config/nginx-citrineos-core.conf
+++ b/config/nginx-citrineos-core.conf
@@ -1,16 +1,30 @@
+map $http_origin $cors_origin {
+    default "";
+    "https://citrineos.digitribe.fr" "https://citrineos.digitribe.fr";
+    "http://localhost:3000" "http://localhost:3000";
+    "http://localhost:3002" "http://localhost:3002";
+}
+
 server {
    listen 8080;
    server_name _;

-    # CORS headers for all responses
-    add_header Access-Control-Allow-Origin * always;
+    # CORS headers
+    add_header Access-Control-Allow-Origin $cors_origin always;
    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
    add_header Access-Control-Max-Age 3600 always;
+    add_header Access-Control-Allow-Credentials "true" always;

    # Handle preflight OPTIONS
-    location = /options {
-        internal;
+    if ($request_method = OPTIONS) {
+        add_header Access-Control-Allow-Origin $cors_origin always;
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
+        add_header Access-Control-Max-Age 3600 always;
+        add_header Access-Control-Allow-Credentials "true" always;
+        add_header Content-Type "text/plain";
+        add_header Content-Length 0;
        return 204;
    }

@@ -26,8 +40,8 @@ server {
        return 200 '{"userPreferences":{"telemetryConsent":false},"ocppRouter":{"networkProfile":"default"}}';
    }

-    # GraphQL endpoint
-    location /v1/graphql {
+    # GraphQL endpoint - both /v1/graphql and /graphql
+    location ~ ^/v?1?/graphql {
        proxy_pass http://cariflex-hasura:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
@@ -37,15 +51,8 @@ server {
        proxy_connect_timeout 60;
    }

-    # Default - proxy to Hasura
+    # Default - proxy everything to Hasura
    location / {
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin * always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-            add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
-            add_header Access-Control-Max-Age 3600 always;
-            return 204;
-        }
        proxy_pass http://cariflex-hasura:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;