nginx: Fix missing API authentication configuration.

This fixes a bug where our API routes for uploaded files (where we need to use a consistent URL between session auth and API auth) were not properly configured to pass through the API authentication headers (and otherwise provide REST endpoint settings). In particular, this prevented the Zulip mobile apps from being able to access authenticated image files using these URLs.
2018-11-14 14:58:15 -08:00 · 2018-11-14 14:58:15 -08:00 · ededdc512b
parent 68d81cb25b
commit ededdc512b
1 changed files with 16 additions and 2 deletions
--- a/puppet/zulip/files/nginx/zulip-include-frontend/app
+++ b/puppet/zulip/files/nginx/zulip-include-frontend/app
@ -60,14 +60,28 @@ location / {
    uwsgi_pass django;
 }

+# Certain Django routes not under /api are shared between mobile and
+# web and thus need API headers added.  We don't collapse this with the
+# above block for /events, because regular expressions take priority over
+# paths in nginx's order-of-operations, and we don't want to override the
+# tornado stuff.
+location ~ ^/(user_uploads|avatar|thumbnail)/ {
+    add_header Access-Control-Allow-Origin *;
+    add_header Access-Control-Allow-Headers Authorization;
+    add_header Access-Control-Allow-Methods 'GET, POST, DELETE, PUT, PATCH, HEAD';
+
+    include uwsgi_params;
+    uwsgi_pass django;
+}
+
+# Send all API routes not covered above to Django via uWSGI
 location /api/ {
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Headers Authorization;
    add_header Access-Control-Allow-Methods 'GET, POST, DELETE, PUT, PATCH, HEAD';

    include uwsgi_params;
-    uwsgi_pass  django;
-
+    uwsgi_pass django;
 }

 include /etc/nginx/zulip-include/app.d/*.conf;