From 9457aa1ede3f611948231b7a9165c5c09e0ec9e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bu=C4=9Fra?= Date: Thu, 10 Jul 2025 04:04:23 +0300 Subject: [PATCH] fix: resolve CORS issues with Netlify Identity and add security headers for custom domain --- DECAP_CMS_SETUP.md | 33 +++++++++++++++++++++------------ public/decapcms/config.yml | 2 ++ public/netlify.toml | 16 ++++++++++++++++ src/layouts/Layout.astro | 4 ++-- src/pages/auth.astro | 4 ++-- 5 files changed, 43 insertions(+), 16 deletions(-) diff --git a/DECAP_CMS_SETUP.md b/DECAP_CMS_SETUP.md index 8341e9d..bb5be28 100644 --- a/DECAP_CMS_SETUP.md +++ b/DECAP_CMS_SETUP.md @@ -118,23 +118,32 @@ Netlify redirect rules for admin routing ## Troubleshooting -### Fixed Issues: +### Current Issue: CORS Error -✅ **"Unable to access identity settings"** - This was fixed by enabling Identity and Git Gateway in Netlify -✅ **Confirmation email links not working** - Created `/auth` page to handle authentication tokens +❌ **CORS Error**: `Access to script at 'https://identity.netlify.com/v1/netlify-identity-widget.js' from origin 'https://taslak.radio.org.tr' has been blocked by CORS policy` -### Current Setup Status: +**This means**: Netlify Identity is not properly configured for your custom domain `taslak.radio.org.tr` -The site now has: -- Custom authentication handler at `/auth` -- Proper redirect handling for confirmation emails -- Automatic routing from hash-based tokens to query parameters +### Solutions (Try in order): -**If you're still getting confirmation email issues:** +#### Solution 1: Configure Custom Domain in Netlify Identity 1. Go to https://app.netlify.com/sites/ym1ktc/settings/identity -2. Check that Identity is enabled -3. Go to Services tab and ensure "Git Gateway" is enabled -4. The confirmation links should now work properly +2. Check **"Site domains"** section +3. Add `taslak.radio.org.tr` to allowed domains +4. Save and wait 5-10 minutes for DNS propagation + +#### Solution 2: Use Primary Netlify Domain for Admin +- Use https://ym1ktc.netlify.app/admin/ instead of custom domain for CMS access +- This should work immediately as it's the primary domain + +#### Solution 3: Alternative Git-based Workflow (Recommended) +- Use GitHub-based editing instead of Netlify CMS +- Content editors can edit markdown files directly in GitHub +- Changes auto-deploy to Netlify + +### Quick Test: +Try accessing: https://ym1ktc.netlify.app/admin/ +If this works, the issue is custom domain configuration. ### Common Issues: diff --git a/public/decapcms/config.yml b/public/decapcms/config.yml index 465872d..351bf99 100644 --- a/public/decapcms/config.yml +++ b/public/decapcms/config.yml @@ -5,6 +5,8 @@ backend: media_folder: 'src/assets/images' public_folder: '/_astro' +locale: 'tr' # Türkçe olarak ayarlandı + site_url: https://taslak.radio.org.tr display_url: https://taslak.radio.org.tr diff --git a/public/netlify.toml b/public/netlify.toml index e98b37e..35b7730 100644 --- a/public/netlify.toml +++ b/public/netlify.toml @@ -1,6 +1,22 @@ [build] publish = "dist" +[context.production.environment] + NETLIFY_SITE_URL = "https://taslak.radio.org.tr" + +[[headers]] + for = "/*" + [headers.values] + X-Frame-Options = "DENY" + X-XSS-Protection = "1; mode=block" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + +[[headers]] + for = "/decapcms/*" + [headers.values] + X-Frame-Options = "SAMEORIGIN" + [[redirects]] from = "/#confirmation_token=*" to = "/auth?confirmation_token=:splat" diff --git a/src/layouts/Layout.astro b/src/layouts/Layout.astro index f6cce8d..b061347 100644 --- a/src/layouts/Layout.astro +++ b/src/layouts/Layout.astro @@ -37,7 +37,7 @@ const { language, textDirection } = I18N; - + @@ -49,7 +49,7 @@ const { language, textDirection } = I18N; - +