0440dc809f
Gitea raw file responses do not send Access-Control-Allow-Origin, so browser fetches from the Vercel-served status page were blocked cross-origin. Add a Vercel rewrite that maps /data/(.*) -> git.moleculesai.app/molecule-ai/molecule-ai-status/raw/branch/main/$1 so the browser only sees same-origin requests; Vercel handles the upstream fetch server-side and returns the body to the browser. Tradeoff - Adds one network hop (browser -> Vercel edge -> Gitea -> Vercel -> browser). Vercel caches per the Cache-Control: public, max-age=60 header on /data/, so steady-state is one upstream hit per minute per file. Acceptable. - Decouples the page from Gitea CORS posture — if/when Gitea ships Access-Control-Allow-Origin headers (probably correct long-term), the page can be flipped back to direct fetch by removing the rewrite. What did NOT change: probe binary, cron, file paths in history/, .upptimerc.yml. The data flow is identical; only the URL the browser uses changed.
34 lines
902 B
JSON
34 lines
902 B
JSON
{
|
|
"version": 2,
|
|
"name": "molecule-ai-status",
|
|
"rewrites": [
|
|
{
|
|
"source": "/data/(.*)",
|
|
"destination": "https://git.moleculesai.app/molecule-ai/molecule-ai-status/raw/branch/main/$1"
|
|
}
|
|
],
|
|
"headers": [
|
|
{
|
|
"source": "/(.*)",
|
|
"headers": [
|
|
{ "key": "X-Frame-Options", "value": "DENY" },
|
|
{ "key": "X-Content-Type-Options", "value": "nosniff" },
|
|
{ "key": "Referrer-Policy", "value": "strict-origin-when-cross-origin" },
|
|
{ "key": "Permissions-Policy", "value": "camera=(), microphone=(), geolocation=()" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/(index.html|app.js)",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=60, s-maxage=60" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/data/(.*)",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=60, s-maxage=60" }
|
|
]
|
|
}
|
|
]
|
|
}
|