I'm going to manually deploy these changes to nginx as I'm doing some testing with the CSSS auth API, but this should, in theory, make configuring CORS for the CSSS API super easy.
In the future we should probably replace '' with just sfucsss.org, but for now is good for testing
Update:
Local devs won't even be able to get CORS to work with localhost (i think cors policy needs HTTPS / an actual hostname that isnt localhost to send cookie credentials) so I went ahead and restricted it to new.sfucsss.org. Currently deployed & working :)
I'm going to manually deploy these changes to nginx as I'm doing some testing with the CSSS auth API, but this should, in theory, make configuring CORS for the CSSS API super easy.
In the future we should probably replace '' with just sfucsss.org, but for now is good for testing
Update:
Local devs won't even be able to get CORS to work with localhost (i think cors policy needs HTTPS / an actual hostname that isnt localhost to send cookie credentials) so I went ahead and restricted it to new.sfucsss.org. Currently deployed & working :)