cors-applevel-fix

.gitignore

@@ -161,4 +161,6 @@ views.json
 *.key
 *.crt
 *cache.json
-.cursor
+.cursor
+
+node_modules/

main.py

@@ -7,6 +7,7 @@ from os.path import exists
 from ariadne import load_schema_from_path, make_executable_schema
 from ariadne.asgi import GraphQL
 from starlette.applications import Starlette
+from starlette.middleware import Middleware
 from starlette.middleware.cors import CORSMiddleware
 from starlette.requests import Request
 from starlette.responses import JSONResponse, Response
@@ -73,6 +74,24 @@ async def graphql_handler(request: Request):
         print(f"GraphQL error: {str(e)}")
         return JSONResponse({"error": str(e)}, status_code=500)
 
+middleware = [
+	    # Начинаем с обработки ошибок
+    Middleware(ExceptionHandlerMiddleware),
+    # CORS должен быть перед другими middleware для корректной обработки preflight-запросов
+    Middleware(
+        CORSMiddleware,
+        allow_origins=[
+            "https://localhost:3000",
+            "https://testing.discours.io",
+            "https://testing3.discours.io",
+            "https://discours.io",
+            "https://new.discours.io"
+        ],
+        allow_methods=["GET", "POST", "OPTIONS"],  # Явно указываем OPTIONS
+        allow_headers=["*"],
+        allow_credentials=True,
+    ),
+]
 
 # Обновляем маршрут в Starlette
 app = Starlette(
@@ -80,6 +99,7 @@ app = Starlette(
         Route("/", graphql_handler, methods=["GET", "POST"]),
         Route("/new-author", WebhookEndpoint),
     ],
+    middleware=middleware,
     lifespan=lifespan,
     debug=True,
 )

nginx.conf.sigil

@@ -1,5 +1,5 @@
 log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
-                  'origin=$http_origin allow_origin=$allow_origin status=$status '
+                  'origin=$http_origin status=$status '
                   '"$http_referer" "$http_user_agent"';
 
 {{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
@@ -49,34 +49,6 @@ server {
         {{ $proxy_settings }}
         {{ $gzip_settings }}
 
-        # Handle CORS for OPTIONS method
-        if ($request_method = 'OPTIONS') {
-            add_header 'Access-Control-Allow-Origin' $allow_origin always;
-            add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
-            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-            add_header 'Access-Control-Max-Age' 1728000;
-            add_header 'Content-Type' 'text/plain; charset=utf-8';
-            add_header 'Content-Length' 0;
-            return 204;
-        }
-
-        # Handle CORS for POST method
-        if ($request_method = 'POST') {
-            add_header 'Access-Control-Allow-Origin' $allow_origin always;
-            add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-        }
-
-        # Handle CORS for GET method
-        if ($request_method = 'GET') {
-            add_header 'Access-Control-Allow-Origin' $allow_origin always;
-            add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-        }
-
         proxy_cache my_cache;
         proxy_cache_revalidate on;
         proxy_cache_min_uses 2;
@@ -95,14 +67,7 @@ server {
     }
 
     location ~* \.(mp3|wav|ogg|flac|aac|aif|webm)$ {
-      proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
-      if ($request_method = 'GET') {
-        add_header 'Access-Control-Allow-Origin' $allow_origin always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
-      }
+        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
     }