# CORS Fix Guide for Nginx Deployment

## Problem
When accessing the application from other systems on the network via nginx (http://10.10.10.127:7000), CORS errors occur because:
1. Frontend is making requests to `http://localhost:8001` instead of using the nginx proxy
2. Backend CORS needs to explicitly allow the nginx server origin
3. Nginx needs to handle CORS headers properly

## Solution Applied

### 1. Updated Backend CORS Configuration
The backend API now explicitly allows requests from:
- `http://10.10.10.127:7000` (nginx server)
- Localhost addresses for development
- All origins (for development flexibility)

### 2. Updated Frontend API URLs
The frontend now automatically detects when it's being accessed via nginx and uses the `/api/` proxy path instead of direct API calls.

### 3. Updated Nginx Configuration
Added proper CORS headers and preflight request handling in nginx.

## Quick Fix

Run the automated fix script:

```bash
sudo bash scripts/fix_cors.sh
```

This will:
1. Update nginx configuration
2. Restart backend API
3. Rebuild and restart frontend

## Manual Fix

### Step 1: Update Nginx Config

Replace your `/etc/nginx/sites-available/aumentum` with the updated config:

```bash
sudo cp nginx/aumentum.conf /etc/nginx/sites-available/aumentum
sudo nginx -t
sudo systemctl reload nginx
```

### Step 2: Restart Backend API

```bash
sudo systemctl restart plagis-aumentum-api
```

### Step 3: Rebuild Frontend

```bash
cd /home/plagis/workspace/plagis_aumentum/plagis-nextjs
npm run build
sudo systemctl restart plagis-nextjs
```

## Updated Nginx Configuration

The new nginx config includes:
- CORS headers for both frontend and API
- Preflight request handling (OPTIONS)
- Proper proxy headers
- Increased timeouts for long-running requests

Key additions:
```nginx
# CORS headers for API
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
# Browsers reject credentialed requests when Allow-Origin is "*";
# this header only takes effect once the origin is restricted (see Security Note).
add_header Access-Control-Allow-Credentials true always;

# Handle preflight requests
if ($request_method = OPTIONS) {
    # Return 204 with the CORS headers above (inherited by this block)
    return 204;
}
```

## Frontend API URL Logic

The frontend now automatically detects the access method:

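```typescript
// Assumption: the port check below is illustrative; the project's actual detection is not shown here
const viaNginx = typeof window !== 'undefined' && window.location.port === '7000';

// When accessed via nginx (10.10.10.127:7000): '/api' uses the nginx proxy
// When accessed locally: 'http://localhost:8001' calls the API directly
const API_BASE_URL = viaNginx ? '/api' : 'http://localhost:8001';
```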

## Testing

After applying fixes:

1. **Test from another system:**
   ```bash
   curl -I http://10.10.10.127:7000
   curl -I http://10.10.10.127:7000/api/health
   ```

2. **Check browser console:**
   - Open http://10.10.10.127:7000 from another system
   - Check browser DevTools → Network tab
   - Verify API calls are going to `/api/` path
   - No CORS errors should appear

3. **Verify nginx logs:**
   ```bash
   sudo tail -f /var/log/nginx/access.log
   sudo tail -f /var/log/nginx/error.log
   ```

## Troubleshooting

### Still Getting CORS Errors?

1. **Check nginx is running:**
   ```bash
   sudo systemctl status nginx
   ```

2. **Verify nginx config:**
   ```bash
   sudo nginx -t
   ```

3. **Check backend CORS:**
   ```bash
   curl -H "Origin: http://10.10.10.127:7000" \
        -H "Access-Control-Request-Method: GET" \
        -H "Access-Control-Request-Headers: X-Requested-With" \
        -X OPTIONS \
        http://localhost:8001/health \
        -v
   ```

4. **Check frontend is using correct API URL:**
   - Open browser DevTools → Console
   - Check network requests
   - API calls should go to `/api/` not `http://localhost:8001`

### Frontend Not Using Proxy Path?

If the frontend is still using `http://localhost:8001`:

1. **Rebuild frontend:**
   ```bash
   cd /home/plagis/workspace/plagis_aumentum/plagis-nextjs
   rm -rf .next
   npm run build
   sudo systemctl restart plagis-nextjs
   ```

2. **Clear browser cache:**
   - Hard refresh: Ctrl+Shift+R (or Cmd+Shift+R on Mac)
   - Or clear browser cache completely

## Security Note

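The current CORS configuration allows all origins (`*`). For production, you should restrict this to specific domains. Browsers also refuse a wildcard origin on requests that carry credentials, so `Access-Control-Allow-Credentials: true` only works with an explicit origin: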

```python
# In aumentum_api.py
allow_origins=[
    "http://10.10.10.127:7000",
    "https://yourdomain.com",  # Add your production domain
]
```

And in nginx:
```nginx
add_header Access-Control-Allow-Origin "http://10.10.10.127:7000" always;
```
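
A static `Access-Control-Allow-Origin` value can name only one origin, so allowing several specific origins from nginx needs a lookup on the request's `Origin` header. The config below is an added example, not the project's own `aumentum.conf`; the backend address `127.0.0.1:8001`, the trailing-slash prefix stripping, and the `$cors_origin` / `$cors_credentials` variable names are assumptions.

```nginx
# Added example; the upstream address and the /api/ prefix stripping are assumptions.
# The two map blocks belong in the http {} context.

# Echo the request's Origin back only when it is on the allowlist.
map $http_origin $cors_origin {
    default                     "";
    "http://10.10.10.127:7000"  $http_origin;
    "https://yourdomain.com"    $http_origin;   # placeholder production domain
}

# Grant credentials only to allowlisted origins.
map $cors_origin $cors_credentials {
    default  "true";
    ""       "";
}

server {
    listen 7000;

    location /api/ {
        # Drop any CORS headers set by the backend so the browser never
        # sees two Access-Control-Allow-Origin values.
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;

        # nginx omits a header whose value is empty, so unlisted origins
        # receive no CORS grant at all.
        add_header Access-Control-Allow-Origin      $cors_origin      always;
        add_header Access-Control-Allow-Credentials $cors_credentials always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
        add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
        # The response now depends on Origin; tell caches so.
        add_header Vary Origin always;

        # Preflight: answer in nginx with the headers above.
        if ($request_method = OPTIONS) {
            return 204;
        }

        proxy_pass http://127.0.0.1:8001/;   # assumed backend address
    }
}
```

Repeating the preflight `curl` from the Troubleshooting section against `/api/health` with an unlisted `Origin` should then return no `Access-Control-Allow-Origin` header at all.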

