feat: remove basic auth for graphql for WP

openfoodfacts · Aug 26, 2024 · 3d472f8 · 3d472f8
1 parent f80c476
commit 3d472f8
Showing 1 changed file with 7 additions and 12 deletions.
diff --git a/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf b/confs/ovh1-reverse-proxy/nginx/conf.d/contents.conf
@@ -1,4 +1,10 @@
 
+# decide wether to use basic auth
+map $request_uri $contents_wp_auth {
+  default "Auth";
+  # exclude graphql urls (index.php?graphql or /graphql)
+  "~*\bgraphql\b" off;
+}
 
 server {
     server_name  contents.openfoodfacts.org;
@@ -8,7 +14,7 @@ server {
     # Require an "off" username and "off" password to make sure
     # the site is not indexed by search engines
     # and user don't land there by luck
-    auth_basic          "Auth";
+    auth_basic         $contents_wp_auth;
     auth_basic_user_file /etc/nginx/off.htpasswd;
 
     location / {
@@ -20,17 +26,6 @@ server {
         proxy_set_header    X-Forwarded-Proto $scheme;
     }
 
-    # remove auth for graphql API
-    location /graphql {
-        auth_basic          off;
-        proxy_pass          http://10.1.0.130:80;
-        proxy_redirect      off;
-        proxy_set_header    Host $host;
-        proxy_set_header    X-Real-IP $remote_addr;
-        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Proto $scheme;
-    }
-
 
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/contents.openfoodfacts.org/fullchain.pem; # managed by Certbot