changes

llama/nginx.conf

@@ -20,21 +20,36 @@ http {
         text/plain
         text/xml;
 
+    # CORS headers for OAuth redirects
+    map $http_origin $cors_origin {
+        default "";
+        "https://llama.story-basking.ts.net" $http_origin;
+    }
+
     server {
         listen 80;
         server_name _;
 
-        auth_basic "Restricted Access";
-        auth_basic_user_file /etc/nginx/.htpasswd;
-
         client_max_body_size 100M;
 
         location / {
-            proxy_pass http://workstation:5082;
+            # Add CORS headers to all responses
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Credentials true always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+
+            # Handle preflight requests
+            if ($request_method = OPTIONS) {
+                return 204;
+            }
+
+            proxy_pass http://llama_oauth2_proxy:4180;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Auth-Request-Redirect $request_uri;
 
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
@@ -43,6 +58,10 @@ http {
             proxy_connect_timeout 60s;
             proxy_send_timeout 60s;
             proxy_read_timeout 60s;
+
+            # Important: Pass cookies properly
+            proxy_pass_header Set-Cookie;
+            proxy_cookie_domain localhost llama.story-basking.ts.net;
         }
     }
 }