From db63aa7d10dbd10d5d041a974590a3e42e1f6323 Mon Sep 17 00:00:00 2001 From: Oier Bravo Urtasun Date: Thu, 11 Jun 2026 02:05:54 +0200 Subject: [PATCH] fix(caddy): allow CORS on distribution /launcher/* for launcher.json fetch The landing page (apex origin) fetches launcher.json from the distribution vhost cross-origin to render download buttons; add Access-Control-Allow-Origin on /launcher/* so the browser doesn't block it. Public assets, no credentials. Co-Authored-By: Claude Opus 4.8 --- caddy/conf.d/30-distribution.caddy | 3 +++ 1 file changed, 3 insertions(+) diff --git a/caddy/conf.d/30-distribution.caddy b/caddy/conf.d/30-distribution.caddy index 55af256..036a6eb 100644 --- a/caddy/conf.d/30-distribution.caddy +++ b/caddy/conf.d/30-distribution.caddy @@ -3,5 +3,8 @@ # /srv/distribution by the caddy service in docker-compose.yml. http://distribution.{$BASE_DOMAIN} { root * /srv/distribution + # The landing page (apex origin) fetches launcher.json cross-origin to render + # the download buttons. Allow it — launcher assets are fully public, no creds. + header /launcher/* Access-Control-Allow-Origin "*" file_server browse }