From bc674ea696f88a25421c5a8be9107ef0450f0c8a Mon Sep 17 00:00:00 2001 From: kcar Date: Wed, 27 May 2026 16:51:28 +0100 Subject: [PATCH] fix(kong): persist Supabase CORS config --- volumes/api/kong.yml | 378 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 371 insertions(+), 7 deletions(-) diff --git a/volumes/api/kong.yml b/volumes/api/kong.yml index 4262d8a..1c7eb71 100644 --- a/volumes/api/kong.yml +++ b/volumes/api/kong.yml @@ -44,6 +44,41 @@ services: - /auth/v1/verify plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: auth-v1-open-callback url: http://auth:9999/callback routes: @@ -53,6 +88,41 @@ services: - /auth/v1/callback plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: auth-v1-open-authorize url: http://auth:9999/authorize routes: @@ -62,7 +132,41 @@ services: - /auth/v1/authorize plugins: - name: cors - + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false ## Secure Auth routes - name: auth-v1 _comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*' @@ -74,6 +178,41 @@ services: - /auth/v1/ plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: key-auth config: hide_credentials: false @@ -95,6 +234,41 @@ services: - /rest/v1/ plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: key-auth config: hide_credentials: true @@ -116,6 +290,41 @@ services: - /graphql/v1 plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: key-auth config: hide_credentials: true @@ -143,6 +352,41 @@ services: - /realtime/v1/ plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: key-auth config: hide_credentials: false @@ -163,6 +407,41 @@ services: - /realtime/v1/api plugins: - name: cors + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false - name: key-auth config: hide_credentials: false @@ -183,7 +462,42 @@ services: - /storage/v1/ plugins: - name: cors - + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + - x-upsert + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false ## Edge Functions routes - name: functions-v1 _comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*' @@ -195,7 +509,41 @@ services: - /functions/v1/ plugins: - name: cors - + config: + origins: + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + - HEAD + headers: + - Accept + - Accept-Profile + - Authorization + - Content-Type + - Content-Profile + - X-Client-Info + - X-Supabase-Api-Version + - apikey + - Prefer + - Range + - Range-Unit + - X-Requested-With + exposed_headers: + - Content-Range + - Content-Profile + - X-Total-Count + credentials: true + max_age: 3600 + preflight_continue: false ## Analytics routes - name: analytics-v1 _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*' @@ -243,25 +591,41 @@ services: - name: cors config: origins: - - "http://localhost:3000" - - "http://127.0.0.1:3000" + - "https://app.classroomcopilot.ai" + - "https://api.classroomcopilot.ai" + - "http://192.168.0.74" + - "http://localhost:3000" # keep for local dev if needed + - "http://localhost:5173" # vite default - "http://192.168.0.94:50001" + - "http://192.168.0.74" methods: - GET - POST + - PUT + - PATCH - DELETE - OPTIONS + - HEAD headers: - Accept + - Accept-Profile - Authorization - Content-Type + - Content-Profile - X-Client-Info + - X-Supabase-Api-Version - apikey - - Mcp-Session-Id + - Prefer + - Range + - Range-Unit + - X-Requested-With exposed_headers: - - Mcp-Session-Id + - Content-Range + - Content-Profile + - X-Total-Count credentials: true max_age: 3600 + preflight_continue: false ## Protected Dashboard - catch all remaining routes #- name: dashboard