Fixed nginx.conf

PalisadoesFoundation · Dec 6, 2024 · dbde2d5 · dbde2d5
1 parent d3d51fa
commit dbde2d5
Showing 1 changed file with 8 additions and 13 deletions.
diff --git a/nginx.conf b/nginx.conf
@@ -1,36 +1,30 @@
 server {
     listen 80;
-    server_name domain.com;
-
-    # Redirect HTTP to HTTPS
-    # return 301 https://$host$request_uri;
-
+    server_name ${NGINX_SERVER_NAME};
+
+    # TODO: Add SSL configuration
     # listen 443 ssl;
-    # server_name domain.com;
-
-    # SSL Certificates
     # ssl_certificate /etc/nginx/ssl/cert.pem;
     # ssl_certificate_key /etc/nginx/ssl/key.pem;
 
     root /usr/share/nginx/html;
     index index.html;
 
-    # Security Headers
     add_header X-Frame-Options "DENY";
     add_header X-Content-Type-Options "nosniff";
     add_header X-XSS-Protection "1; mode=block";
     add_header Referrer-Policy "strict-origin-when-cross-origin";
-    # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://your-graphql-server.com;";
+    # add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self' https://api.com;";
+
 
-    # Static Files and SPA Routing
     location / {
         try_files $uri /index.html;
     }
 
-    # Proxy GraphQL API
     location /graphql/ {
         proxy_pass http://127.0.0.1:4000/graphql/;
-        add_header Access-Control-Allow-Origin https://your-react-app-domain.com;
+        # CORS should be made strict before deployment (currently allows access from any origin)
+        add_header Access-Control-Allow-Origin *;
         add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
         add_header Access-Control-Allow-Headers "Content-Type, Authorization";
         proxy_http_version 1.1;
@@ -50,4 +44,5 @@ server {
     gzip_vary on;
 
     error_page 404 /index.html;
+
 }