Pull Request Overview
This PR enhances proxy configurations across Vite and Nginx to better handle CORS and redirect headers, and updates the login component to parse session cookies differently.
- Added a new `/versions` proxy route in both Vite and Nginx with CORS settings.
- Refactored `Login.jsx` to treat cookies as an object instead of an array.
- Consolidated CORS and redirect handling in Nginx, including a shared `@handle_303` block.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| vite.config.js | Added /versions proxy, refined redirect handling. |
| src/components/Auth/Login.jsx | Changed session cookie lookup and storage logic. |
| nginx/default.conf | Introduced CORS headers globally and unified 303 redirects. |
Comments suppressed due to low confidence (1)
src/components/Auth/Login.jsx:53
- The logic assumes `_cookies` is an object with a `session` property, but `JSON.parse(cookies)` originally returns an array. Consider reverting to the `find` approach or converting the array to an object keyed by cookie name.
const sessionCookie = _cookies && Object.prototype.hasOwnProperty.call(_cookies, 'session') ? _cookies['session'] : undefined;
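One way to make the session lookup independent of the payload shape, as an added example that is not code from this PR or from Copilot. The function names and the `{ name, value }` entry shape are assumptions; the sample inputs are constructed.

```javascript
// Added example: normalise the parsed cookie payload before reading the session.
// Assumed shapes (not confirmed by the PR): an array of { name, value, ... }
// entries, or an object keyed by cookie name.
function cookiesByName(parsed) {
  // Null-prototype map so names like "constructor" never hit Object.prototype.
  const out = Object.create(null);
  if (Array.isArray(parsed)) {
    for (const c of parsed) {
      if (c && typeof c.name === 'string') out[c.name] = c;
    }
    return out;
  }
  if (parsed && typeof parsed === 'object') return Object.assign(out, parsed);
  return out;
}

// Returns the session value as a non-empty string, or undefined.
// Callers therefore never hand an object to setCookie or localStorage.
function sessionValue(rawJson) {
  let parsed;
  try {
    parsed = JSON.parse(rawJson);
  } catch {
    return undefined; // malformed payload: treat as "no session"
  }
  const entry = cookiesByName(parsed).session;
  if (typeof entry === 'string') return entry || undefined;
  if (entry && typeof entry.value === 'string' && entry.value !== '') {
    return entry.value;
  }
  return undefined;
}

// Constructed sample payloads covering both shapes.
const samples = [
  '[{"name":"session","value":"abc123","path":"/"}]',
  '{"session":{"value":"abc123","path":"/"}}',
  '[{"name":"theme","value":"dark"}]',
];
for (const s of samples) console.log(sessionValue(s));
```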
| setCookie( | ||
| 'session', | ||
| sessionCookie.value, | ||
| sessionCookie, |
setCookie expects a string value, but sessionCookie may be an object. Pass sessionCookie.value or serialize the correct property instead.
| expires: expires | ||
| })); | ||
| localStorage.setItem("token", sessionCookie.value) | ||
| localStorage.setItem("token", sessionCookie) |
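Review bot: the `localStorage.setItem("token", ...)` line copies the session credential into storage that any script running on the origin can read, in both the `sessionCookie.value` and the `sessionCookie` form of the line. If the backend accepts the session cookie directly, drop this write and rely on the cookie (ideally set HttpOnly by the server); if a client-side token is really needed, keep it in memory and pass only the string value.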
You are storing the entire cookie object in localStorage instead of its string value. Use sessionCookie.value for the token.
| localStorage.setItem("token", sessionCookie) | |
| localStorage.setItem("token", sessionCookie.value || sessionCookie) |
|
|
||
| # CORS headers | ||
| add_header Access-Control-Allow-Origin $http_origin always; | ||
| add_header Access-Control-Allow-Credentials true always; |
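Review bot: `add_header Access-Control-Allow-Origin $http_origin always;` combined with `Access-Control-Allow-Credentials true` echoes whatever `Origin` the request carries, so every site is allowed to make credentialed cross-origin requests and read the responses. Restrict the echoed value to an explicit allowlist, for example a `map` on `$http_origin` that yields an empty string for unknown origins, and send `Vary: Origin` so caches do not reuse a response across origins.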
CORS headers are repeated in multiple location blocks. Consider moving common headers into a shared include or a global http/server context to reduce duplication.
| # CORS headers | |
| add_header Access-Control-Allow-Origin $http_origin always; | |
| add_header Access-Control-Allow-Credentials true always; |
| # Handle 303 redirects for spec endpoint | ||
| location @handle_303 { | ||
| internal; | ||
| proxy_pass https://uri.olympiangods.org; |
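Review bot: on the `proxy_pass https://uri.olympiangods.org;` line the upstream is HTTPS, and nginx neither verifies the upstream certificate nor sends SNI by default. If the lines that follow do not already set them, add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` and `proxy_ssl_server_name on;` in this block. Note also that a `proxy_pass` with no URI part forwards the request URI as received, so the path is not dropped by this line.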
The @handle_303 block uses a static proxy_pass URL, which discards the original request URI. Use $request_uri or append $uri to preserve the path when forwarding.
| proxy_pass https://uri.olympiangods.org; | |
| proxy_pass https://uri.olympiangods.org$request_uri; |
| }); | ||
| }, | ||
| }, | ||
| '^/[^/]+/[^/]+/versions$': { |
The new versions proxy block duplicates header-handling logic from other routes. Consider extracting common proxy event handlers into a helper to avoid repetition.
No description provided.