From a69c8bef42322e90bb9db4decd6d6f61cdef669d Mon Sep 17 00:00:00 2001
From: Eric F <admin@digitribe.fr>
Date: Wed, 10 Jun 2026 23:37:01 -0400
Subject: [PATCH] CitrineOS Operator UI fully working - CORS fixed, Hasura
 relations, 15 stations

---
 config/nginx-citrineos-core.conf | 33 ++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/config/nginx-citrineos-core.conf b/config/nginx-citrineos-core.conf
index 7961707..403105e 100644
--- a/config/nginx-citrineos-core.conf
+++ b/config/nginx-citrineos-core.conf
@@ -5,16 +5,12 @@ server {
     # CORS headers for all responses
     add_header Access-Control-Allow-Origin * always;
     add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-    add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles" always;
+    add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
     add_header Access-Control-Max-Age 3600 always;
 
     # Handle preflight OPTIONS
-    if ($request_method = OPTIONS) {
-        add_header Access-Control-Allow-Origin * always;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-        add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles" always;
-        add_header Access-Control-Max-Age 3600 always;
-        add_header Content-Length 0;
+    location = /options {
+        internal;
         return 204;
     }
 
@@ -30,14 +26,31 @@ server {
         return 200 '{"userPreferences":{"telemetryConsent":false},"ocppRouter":{"networkProfile":"default"}}';
     }
 
-    # Default - proxy to Hasura
-    location / {
+    # GraphQL endpoint
+    location /v1/graphql {
+        proxy_pass http://cariflex-hasura:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300;
+        proxy_connect_timeout 60;
+    }
+
+    # Default - proxy to Hasura
+    location / {
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
+            add_header Access-Control-Max-Age 3600 always;
+            return 204;
+        }
         proxy_pass http://cariflex-hasura:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Hasura-Admin-Secret "Digitribe972";
         proxy_read_timeout 300;
         proxy_connect_timeout 60;
     }