diff --git a/docker-compose.yml b/docker-compose.yml
index 182d89b..602866d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -63,7 +63,7 @@ services:
 environment:
 - NODE_ENV=development
 - VITE_HOST=0.0.0.0
- - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-localhost,spotlight.cam,.spotlight.cam}
+ - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-all}
 stdin_open: true
 tty: true
 command: npm run dev
diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
index 85ca865..e687005 100644
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -22,8 +22,8 @@ server {
 # Content Security Policy (permissive for dev, tighten for production)
 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:; media-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self';" always;
- # Block access to sensitive files and directories
- location ~ /\. {
+ # Block access to hidden files and directories (but allow .vite for development)
+ location ~ /\.(git|svn|htaccess|htpasswd|env) {
 deny all;
 access_log off;
 log_not_found off;
@@ -37,7 +37,9 @@ server {
 return 404;
 }
- location ~ ^/(node_modules|\.git|\.vscode|\.idea|docker-compose|Dockerfile|package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml|\.npmrc|\.yarnrc|tsconfig\.json|\.eslintrc|\.prettierrc|prisma|\.env.*|\.db|\.sqlite|\.sql|backup|backups|dumps|logs)/? {
+ # DEV MODE: node_modules allowed for Vite dependencies
+ # Block access to sensitive files and directories (excluding node_modules for Vite)
+ location ~ ^/(\.git|\.vscode|\.idea|docker-compose|Dockerfile|package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml|\.npmrc|\.yarnrc|tsconfig\.json|\.eslintrc|\.prettierrc|prisma|\.env.*|\.db|\.sqlite|\.sql|backup|backups|dumps|logs)/? {
 deny all;
 access_log off;
 log_not_found off;
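Review bot: In the docker-compose.yml hunk, the new default `VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-all}` drops the host allow-list for every developer who has not set the variable, while `VITE_HOST=0.0.0.0` two lines above keeps the dev server listening on all interfaces. How the value is consumed is not visible here, but if the Vite config maps `all` to an allow-any-host setting, the Host-header check that protects the dev server against DNS-rebinding requests is off by default. I would keep the restrictive default, `- VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-localhost,spotlight.cam,.spotlight.cam}`, and let a developer who needs another hostname set the variable locally. The service definition starts and ends outside the hunk.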
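Review bot: In the first nginx/conf.d/default.conf hunk (@@ -22,8), replacing `location ~ /\.` with a five-name list turns a deny-by-default rule for hidden paths into allow-by-default. Any dotfile not on the list is now served at any depth, for example a nested `.npmrc` or `.vscode/`, which the root-anchored list in the @@ -37,7 hunk only blocks at the top level. If the goal is only to let `.vite` through, one exception keeps the default: `location ~ /\.(?!vite/) {` (nginx regex locations use PCRE, so the negative lookahead should be available). The comment above it would then read `# Block all hidden files and directories except .vite (development only)`. The location body and the enclosing server block continue outside the hunk.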
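Review bot: In the second default.conf hunk (@@ -37,7), `node_modules` is removed from the deny list in what appears to be the shared default server config, and the only guard against reuse is the comment `# DEV MODE`. Nothing visible in the diff stops this file from being deployed outside development, where the whole dependency tree would become readable over HTTP. I would move the relaxed rule into a development-only conf file that only the dev compose setup mounts, and keep `node_modules` denied in default.conf. At minimum, make the comment explicit: `# DEV MODE ONLY: node_modules is reachable; do not deploy this file to production`. The location body runs past the end of the hunk.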