From ca08893b78b74872c5c4e7a6e01bf933246b21a4 Mon Sep 17 00:00:00 2001
From: Antonio Vivace <avivace4@gmail.com>
Date: Fri, 18 Oct 2024 23:30:25 +0200
Subject: [PATCH] nginx, django: minor improvements for a development setup

---
 hhub/settings.py  |  4 ++--
 nginx/docker.conf | 21 ++++++++++++++-------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/hhub/settings.py b/hhub/settings.py
index 8820c45..9e3fd3f 100644
--- a/hhub/settings.py
+++ b/hhub/settings.py
@@ -32,9 +32,9 @@
 
 # Allow the following hosts to consume the API
 CORS_ALLOWED_ORIGINS = [
-    "http://127.0.0.1",
-    "https://hh2.gbdev.io",
     "https://hh.gbdev.io",
+    # For e.g. when you're serving Virens locally
+    "http://localhost:3000",
 ]
 
 # Application definition
diff --git a/nginx/docker.conf b/nginx/docker.conf
index 64b4c8c..a62a24c 100644
--- a/nginx/docker.conf
+++ b/nginx/docker.conf
@@ -7,18 +7,25 @@ server {
     server_tokens off;
     client_max_body_size 500M;
 
-    # Django backend
-    location /api {
-        try_files $uri @proxy_api;
-    }
-
-    # Serve entries static assets
+    # Directly serve entries static assets
     location /static {
         autoindex on;
         alias   /db-sources;
+
+        # Relaxed * CORS policy for development
+        if ($request_method = 'GET') {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+        }
+    }
+
+    # Reverse proxy the Django backend
+    location /api {
+        try_files $uri @proxy_api;
     }
 
-    # Reverse proxy for Django
     location @proxy_api {
         proxy_set_header X-Forwarded-Proto https;
         proxy_set_header X-Url-Scheme $scheme;