SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c5e1fce271
littleshop/PUSH-NOTIFICATION-FIX.md
SysAdmin c5e1fce271 Fix: Update nginx CORS config and document push notification setup 
- Added CORS headers for admin.dark.side domain
- Added no-cache headers for PWA JavaScript files
- Documented push notification configuration steps
- Fixed split-tunnel VPN compatibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 14:09:23 +01:00

93 lines
3.1 KiB
Markdown
Raw Blame History

# Push Notification Fix for Dark.Side Domain
## Issue
Push notifications failing because nginx doesn't have proper CORS headers for the `admin.dark.side` domain and the callback endpoints.
## Solution
The VAPID configuration is already correct with `mailto:admin@littleshop.local` which allows domain-independent operation. The issue is the nginx CORS configuration.
## Current Status
**VAPID Subject**: Using `mailto:` format (domain-independent)
**Push Notification Code**: 15-second timeout implemented
**Nginx CORS**: Needs update for `admin.dark.side` domain
## Required Fix
### Option 1: Update nginx-proxy-manager Custom Config
If using nginx-proxy-manager UI:
1. Access nginx-proxy-manager at `http://10.13.13.1:81`
2. Edit the proxy host for `admin.dark.side`
3. Go to the "Advanced" tab
4. Add the custom nginx configuration from `nginx-push-fix-dark-side.conf`
### Option 2: Direct nginx Configuration
If using direct nginx configuration files:
1. SSH to server: `ssh -i vps_hardening_key -p 2255 sysadmin@10.13.13.1`
2. Edit the nginx config: `sudo nano /etc/nginx/sites-available/admin-littleshop`
3. Replace the existing CORS headers with the configuration from `nginx-push-fix-dark-side.conf`
4. Test: `sudo nginx -t`
5. Reload: `sudo systemctl reload nginx`
## Key Changes Needed
### Current (Problematic)
```nginx
add_header 'Access-Control-Allow-Origin' 'https://admin.dark.side' always;
```
### Updated (Working)
```nginx
# Dynamic CORS for dark.side domains
set $cors_origin "";
if ($http_origin ~* (https?://.*\.dark\.side|https?://admin\.dark\.side)) {
set $cors_origin $http_origin;
}
if ($cors_origin = "") {
set $cors_origin "https://admin.dark.side";
}
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
# Handle preflight OPTIONS requests
if ($request_method = 'OPTIONS') {
return 204;
}
```
## Push Notification Endpoints
These endpoints need the CORS fix:
- `/api/push/vapidpublickey` - Gets VAPID public key
- `/api/push/subscribe` - Handles subscription
- `/service-worker.js` - Service worker file
- `/manifest.json` - PWA manifest
- `/pwa.js` - PWA initialization
## Testing After Fix
1. Connect to VPN
2. Visit `https://admin.dark.side`
3. Click the notification bell icon
4. Allow notifications when prompted
5. Check browser console for CORS errors (should be none)
## Expected Behavior
- Notification permission dialog appears
- No CORS errors in browser console
- Push subscription succeeds
- Notifications can be sent/received
## Verification Commands
```bash
# Test VAPID endpoint
curl -H "Origin: https://admin.dark.side" https://admin.dark.side/api/push/vapidpublickey
# Test with OPTIONS (preflight)
curl -X OPTIONS -H "Origin: https://admin.dark.side" -H "Access-Control-Request-Method: POST" https://admin.dark.side/api/push/subscribe
```
Both should return proper CORS headers allowing the dark.side domain.
Reference in New Issue View Git Blame Copy Permalink