Improve CORS origin handling; extend invoice repo/service and payments dispatch; rate limit and nginx config updates

Made-with: Love
2026-04-29 05:44:59 +00:00
parent 2cb17df4c5
commit a01797e9b2
12 changed files with 224 additions and 35 deletions
--- a/deploy/nginx.conf
+++ b/deploy/nginx.conf
@@ -45,7 +45,8 @@ server {
        proxy_http_version 1.1;
        proxy_set_header Connection "";

-        add_header Access-Control-Allow-Origin "*" always;
+        # Do not set CORS headers here — nip05api sends a single reflected Origin (see FRONTEND_URL / CORS_* env).
+        # Duplicate ACAO headers break browsers ("multiple values").
        add_header Cache-Control "public, max-age=60" always;
    }