fix: resolve CORS issues with Netlify Identity and add security headers for custom domain

This commit is contained in:
Buğra
2025-07-10 04:04:23 +03:00
parent 65198cf783
commit 9457aa1ede
5 changed files with 43 additions and 16 deletions
+21 -12
View File
@@ -118,23 +118,32 @@ Netlify redirect rules for admin routing
## Troubleshooting
### Fixed Issues:
### Current Issue: CORS Error
**"Unable to access identity settings"** - This was fixed by enabling Identity and Git Gateway in Netlify
**Confirmation email links not working** - Created `/auth` page to handle authentication tokens
**CORS Error**: `Access to script at 'https://identity.netlify.com/v1/netlify-identity-widget.js' from origin 'https://taslak.radio.org.tr' has been blocked by CORS policy`
### Current Setup Status:
**This means**: Netlify Identity is not properly configured for your custom domain `taslak.radio.org.tr`
The site now has:
- Custom authentication handler at `/auth`
- Proper redirect handling for confirmation emails
- Automatic routing from hash-based tokens to query parameters
### Solutions (Try in order):
**If you're still getting confirmation email issues:**
#### Solution 1: Configure Custom Domain in Netlify Identity
1. Go to https://app.netlify.com/sites/ym1ktc/settings/identity
2. Check that Identity is enabled
3. Go to Services tab and ensure "Git Gateway" is enabled
4. The confirmation links should now work properly
2. Check **"Site domains"** section
3. Add `taslak.radio.org.tr` to allowed domains
4. Save and wait 5-10 minutes for DNS propagation
#### Solution 2: Use Primary Netlify Domain for Admin
- Use https://ym1ktc.netlify.app/admin/ instead of custom domain for CMS access
- This should work immediately as it's the primary domain
#### Solution 3: Alternative Git-based Workflow (Recommended)
- Use GitHub-based editing instead of Netlify CMS
- Content editors can edit markdown files directly in GitHub
- Changes auto-deploy to Netlify
### Quick Test:
Try accessing: https://ym1ktc.netlify.app/admin/
If this works, the issue is custom domain configuration.
### Common Issues:
+2
View File
@@ -5,6 +5,8 @@ backend:
media_folder: 'src/assets/images'
public_folder: '/_astro'
locale: 'tr' # Türkçe olarak ayarlandı
site_url: https://taslak.radio.org.tr
display_url: https://taslak.radio.org.tr
+16
View File
@@ -1,6 +1,22 @@
[build]
publish = "dist"
[context.production.environment]
NETLIFY_SITE_URL = "https://taslak.radio.org.tr"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
X-Content-Type-Options = "nosniff"
Referrer-Policy = "strict-origin-when-cross-origin"
[[headers]]
for = "/decapcms/*"
[headers.values]
X-Frame-Options = "SAMEORIGIN"
[[redirects]]
from = "/#confirmation_token=*"
to = "/auth?confirmation_token=:splat"
+2 -2
View File
@@ -37,7 +37,7 @@ const { language, textDirection } = I18N;
<Analytics />
<!-- Netlify Identity for Decap CMS -->
<script src="https://identity.netlify.com/v1/netlify-identity-widget.js"></script>
<script is:inline src="https://identity.netlify.com/v1/netlify-identity-widget.js"></script>
<!-- Comment the line below to disable View Transitions -->
<ClientRouter fallback="swap" />
@@ -49,7 +49,7 @@ const { language, textDirection } = I18N;
<BasicScripts />
<!-- Netlify Identity initialization -->
<script>
<script is:inline>
if (window.netlifyIdentity) {
window.netlifyIdentity.on('init', (user) => {
// Check if we're on a page that needs authentication handling
+2 -2
View File
@@ -8,7 +8,7 @@
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Kimlik Doğrulama - ARC</title>
<script src="https://identity.netlify.com/v1/netlify-identity-widget.js"></script>
<script is:inline src="https://identity.netlify.com/v1/netlify-identity-widget.js"></script>
<style>
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
@@ -78,7 +78,7 @@
</div>
</div>
<script>
<script is:inline>
// Handle Netlify Identity authentication
if (window.netlifyIdentity) {
// Handle the confirmation/recovery tokens