Enable Ente CLI persistence and update docs

2025-10-30 11:17:11 -06:00
parent 18d14d09df
commit 66c3625633
2 changed files with 19 additions and 24 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 * Simplified documentation for S3 setup and alias domains
 * Fix CORS responses for auth subdomains and forward real client IPs from Cloudron proxy
 * Remove unsupported Caddy `trusted_proxies` stanza while continuing to trust Cloudron-provided `X-Forwarded-For` headers for accurate logging
+* Set CORS headers via reverse proxy response rewrites so cross-subdomain logins work reliably

 ## 0.4.4 (2025-10-30)

--- a/start.sh
+++ b/start.sh
@@ -565,23 +565,20 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }

    handle_path /api/* {
-        reverse_proxy localhost:8080 {
-            header_up Host {http.request.host}
-            header_up X-Real-IP {http.request.header.X-Forwarded-For}
-            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
-            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
-        }
-        @api_cors {
-            header Origin *
-        }
-        header -Access-Control-Allow-Origin
-        header -Access-Control-Allow-Credentials
-        header @api_cors {
+        @api_cors_subdomain header Origin *
+        header @api_cors_subdomain {
            Access-Control-Allow-Origin {http.request.header.Origin}
            Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
            Access-Control-Allow-Headers "*"
            Access-Control-Allow-Credentials "true"
            Vary "Origin"
+            defer
+        }
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
        }
    }

@@ -685,23 +682,20 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
    }

    handle_path /api/* {
-        reverse_proxy localhost:8080 {
-            header_up Host {http.request.host}
-            header_up X-Real-IP {http.request.header.X-Forwarded-For}
-            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
-            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
-        }
-        @api_cors {
-            header Origin *
-        }
-        header -Access-Control-Allow-Origin
-        header -Access-Control-Allow-Credentials
-        header @api_cors {
+        @api_cors_path header Origin *
+        header @api_cors_path {
            Access-Control-Allow-Origin {http.request.header.Origin}
            Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
            Access-Control-Allow-Headers "*"
            Access-Control-Allow-Credentials "true"
            Vary "Origin"
+            defer
+        }
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
        }
    }