fix: proxy API through nginx to fix cross-domain cookie issues

Brave and other privacy-focused browsers block third-party cookies. Instead of cross-domain requests from app.thenetwork to api.thenetwork, nginx now proxies /api/* to the backend, making everything same-origin.
2026-01-30 04:10:56 +00:00
parent 1da92bac58
commit 4d684a9d74
2 changed files with 14 additions and 6 deletions
--- a/nginx.conf
+++ b/nginx.conf
@@ -4,6 +4,16 @@ server {
    root /usr/share/nginx/html;
    index index.html;

+    # Proxy API requests to backend (same-origin = no cookie issues in Brave etc.)
+    location /api/ {
+        proxy_pass https://api.thenetwork.donovankelly.xyz/api/;
+        proxy_set_header Host api.thenetwork.donovankelly.xyz;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_ssl_server_name on;
+    }
+
    location / {
        try_files $uri $uri/ /index.html;
    }