chore: remove nginx cors (#1557)

Author: appflowy

nginx/nginx.conf

@@ -52,17 +52,6 @@ http {
 
         # GoTrue
         location /gotrue/ {
-            if ($request_method = 'OPTIONS') {
-                add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                add_header 'Access-Control-Allow-Credentials' 'true' always;
-                add_header 'Access-Control-Allow-Headers' '*' always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-                add_header 'Access-Control-Max-Age' 3600 always;
-                add_header 'Content-Type' 'text/plain charset=UTF-8' always;
-                add_header 'Content-Length' 0 always;
-                return 204;
-            }
-
             proxy_pass $gotrue_backend;
 
             rewrite ^/gotrue(/.*)$ $1 break;
@@ -75,24 +64,6 @@ http {
 
         # WebSocket
         location /ws {
-            # Handle preflight OPTIONS requests
-            if ($request_method = 'OPTIONS') {
-                add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                add_header 'Access-Control-Allow-Credentials' 'true' always;
-                add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-                add_header 'Access-Control-Max-Age' 1728000 always;
-                add_header 'Content-Type' 'text/plain charset=UTF-8' always;
-                add_header 'Content-Length' 0 always;
-                return 204;
-            }
-
-            # Add CORS headers to all responses
-            add_header 'Access-Control-Allow-Origin' $cors_origin always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-            add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-
             # Existing proxy configuration
             proxy_pass $appflowy_cloud_backend;
 
@@ -111,36 +82,11 @@ http {
             proxy_set_header X-Request-Id $request_id;
             proxy_set_header Host $http_host;
 
-            # Set CORS headers for other requests
-            if ($request_method = 'OPTIONS') {
-                add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version, Device-Id' always;
-                add_header 'Access-Control-Max-Age' 3600 always;
-                return 204;
-            }
-
-            add_header 'Access-Control-Allow-Origin' $cors_origin always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version, Device-Id' always;
-            add_header 'Access-Control-Max-Age' 3600 always;
 
             location ~* ^/api/workspace/([a-zA-Z0-9_-]+)/publish$ {
                 proxy_pass $appflowy_cloud_backend;
                 proxy_request_buffering off;
                 client_max_body_size 256M;
-                if ($request_method = 'OPTIONS') {
-                    add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-                    add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version, Device-Id' always;
-                    add_header 'Access-Control-Max-Age' 3600 always;
-                    return 204;
-                }
-
-                add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version, Device-Id' always;
-                add_header 'Access-Control-Max-Age' 3600 always;
             }
 
             # AppFlowy-Cloud
@@ -165,12 +111,6 @@ http {
                 proxy_set_header X-Request-Id $request_id;
                 proxy_set_header Host $http_host;
 
-                # Handle CORS
-                add_header 'Access-Control-Allow-Origin' $cors_origin always;
-                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
-                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Device-Id' always;
-                add_header 'Access-Control-Max-Age' 3600 always;
-
                 # Timeouts
                 proxy_read_timeout 600s;
                 proxy_connect_timeout 600s;